More than 6 million data records are compromised every day, and it would be foolish to think your organisation isn’t at risk of contributing to that figure. Cyber criminals look for vulnerabilities wherever they can find them, and you can be sure that your organisation is full of them. Here are seven threats you need to prepare for:
1. Malware
There are many types of malware you need to be aware of, including adware, spyware, bots, ransomware, Trojan horses, viruses and worms. It’s often hard to know when you’ve been infected, as some malware draws as little attention to itself as possible.
Other malware, such as ransomware, makes its presence clear, locking users’ computers and demanding payment for the decryption key.
You can generally suspect that you have been infected if your computer:
- Slows down, freezes or crashes;
- Creates new files, or modifies or deletes existing ones;
- Automatically runs, turns off or reconfigures programs; or
- Sends emails or messages to your contacts.
2. Malicious insiders
Many of your employees will have access to sensitive information, and you must always assume that there’s a chance that someone will attempt to misappropriate it. That sounds cynical, but unfortunately the lure of financial gain from selling data on the dark web is too great for many.
Employees are also likely to use sensitive information maliciously if they feel disgruntled at work or if they have left an organisation under poor terms and still have access to its systems.
You can reduce the threat of former employees breaching your organisation by ensuring their access is cut off as soon as possible. Things are naturally more difficult when it comes to current employees, because they often need access to sensitive information to do their job. Implementing access controls will help, as this ensures employees can only view information that’s relevant to their job role.
You should also consider bolstering your cyber security culture. If you emphasise cyber security and show that you are taking it seriously, malicious employees are likely to realise how hard it is to get away with data theft.
3. Insider error
Employees don’t have to act maliciously to commit a data breach. They might simply make a mistake, such as including the wrong person in the cc field of an email, attaching the wrong document or losing a laptop.
Insider error is often the result of a lapse in concentration, which makes it almost impossible to prevent. You can’t expect your workforce to never make mistakes.
What you can do is implement safeguards to minimise the damage. For example, sensitive information stored on a work-issued laptop should be encrypted to prevent misuse if it’s stolen. Similarly, access controls will ensure that an employee who was sent a document in error won’t be able to view it.
4. Phishing
Most people are at least vaguely aware of what phishing attacks look like. They are the poorly written and unexpected messages that try to scare you into thinking something has gone wrong. Perhaps your account has been hacked, you need to confirm a card payment, or your bank account has been compromised.
Whatever form the messages take, they always contain a request for information, an attachment to open (often a .zip file) or a link to click.
If an email isn’t addressed to you personally, contains suspicious attachments or links or is sent from a bogus email address, it is probably a phishing scam.
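The warning signs listed above can be checked mechanically as a first-pass triage step. The following Python sketch is an added example, not part of the original article: the sample message, its names and domains are constructed, and treating a Reply-To domain that differs from the From domain as a sign of a "bogus email address" is an assumption made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message: every name, address and domain here is made up.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
Reply-To: collect@mailbox.test
To: j.smith@corp.test
Subject: Your account has been compromised
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear customer,
Please confirm your card payment at http://203.0.113.7/login
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

--b1--
"""
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def domain(header):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(str(header))[1].rpartition("@")[2].lower()

def phishing_indicators(raw, recipient_name):
    """Return the article's warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    found = []
    if recipient_name.lower() not in body.lower():   # not addressed personally
        found.append("not-personally-addressed")
    for att in msg.iter_attachments():               # attachment to open
        name = (att.get_filename() or "").lower()
        if name.endswith(".zip"):
            found.append("zip-attachment:" + name)
    found += ["link:" + u for u in URL.findall(body)]  # link to click
    # Assumption: replies routed to a different domain suggest a bogus sender.
    if msg["Reply-To"] and domain(msg["Reply-To"]) != domain(msg["From"]):
        found.append("reply-to-mismatch:" + domain(msg["Reply-To"]))
    return found
```

Calling `phishing_indicators(SAMPLE, "Smith")` returns one entry per indicator found; an empty list means none of these particular signs were present, not that the message is safe.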
How do you score on the breach readiness scale?
Find out how prepared you are to deal with these threats and others by taking our breach readiness quiz.
This quick and easy-to-understand questionnaire scores you on your existing defence measures. We’ll give you an overview of how prepared you are for a breach, which you can compare to other organisations in your sector. We’ll also provide a detailed summary of your answers, and offer advice to help you raise your score and improve your defences.