Cybercriminals are becoming increasingly sophisticated and continue to find new ways to compromise both individuals’ and firms’ data security. Phishing attacks often use current events or crises to entice users to click infected links, download malicious programs or documents, or provide sensitive information to bad actors.
In the first six months of the COVID-19 pandemic, phishing attacks increased by more than 600% with hackers exploiting virus-related concerns among individuals and businesses. There are several upcoming events that could heighten data theft activity in the coming year:
CYBERSECURITY RISKS IN 2021
- Postal shipping and returns: Hackers may send emails, text messages, or other communications claiming to include information about shipping or tracking packages. These could come from attackers posing as retailers or mail carriers. Always check to make sure the sender is credible and that any links are taking you to the correct website, especially if you are not anticipating a communication of this type. Rather than clicking through the link, log into your account through your browser and bookmark important webpages.
- COVID-19 vaccinations: Bad actors may communicate with you via phone, text, or email claiming that it is time to sign up for a COVID-19 vaccine or offer to place you on a vaccination waiting list. Fake sites may be created to pose as portals for vaccine registration. Victims may be asked for personal, insurance, or banking information as part of these scams. Always verify with your local health department or equivalent if you receive suspicious requests of this nature.
- Working remotely or from home: As many offices are working partially or entirely remotely, employee-owned devices present new opportunities for cybercriminals to compromise your business’s data security. Employees working without a virtual private network (VPN) or working from a shared network could be leaving your business’s data open to hackers.
- Wire requests around the holidays: Cybercriminals take advantage of this busy time of year when many employees may be on vacation or working remotely. Be sure to implement a dual-authentication process for any wire transfers and do not engage with unanticipated or suspicious wire requests.
HOW TO PREVENT ATTACKS
Although cybersecurity risks are always present, there are ways to minimize the impacts. Some methods are as follows:
- Network penetration testing: A penetration test simulates tactics hackers may use to access your business systems, revealing any weaknesses to be addressed. Conducting annual scans of your systems can help prevent attackers from successfully stealing data.
- Phishing training: The biggest security weakness for most businesses is human error. Employees can easily be tricked into falling for phishing emails without proper training. Conducting annual training with existing employees and training new hires, along with ongoing phishing campaigns, can help mitigate the risks human error presents to your data security.
- Implement mock phishing campaigns: In addition to annual training, you should implement mock phishing campaigns to test your employees’ ability to spot potential phishing emails. Follow up with any employees who click mock phishing emails and provide training or have a one-on-one discussion to ensure the employee knows how to spot the next threat.
- Vendor due diligence reviews: Completing due diligence on current or potential key vendors that host or handle your business’s sensitive information can save the time and expense of being involved with a third-party data breach. Reviewing processes for security can help you decide whether to begin or continue a vendor relationship.
As cyber and data security risks evolve, so should your business’s security strategy. By taking proactive steps like conducting network penetration tests, initiating phishing training with your employees, and completing vendor due diligence reviews, you can help prevent the devastating impacts of data compromise and loss.
Your firm may not have the internal staff to complete some of these tasks, which is where Fairview can help. Our affiliate, Fairview Cyber, will assist your business with getting its cybersecurity and vendor management programs up to speed for 2021. We can assist with implementing your firm’s mock phishing campaigns and rolling out follow-up training for employees based on the results. Contact us today for more information about what we can do to boost your organization’s security.