Protecting against cyber security threats is an ongoing battle. Attackers constantly evolve their methods for gaining access to systems and keep finding new bugs in software and cloud services to exploit. This post looks at five common areas that lead to data breaches and cyber security incidents.
1. Poor password hygiene
Password hygiene refers to how well passwords are selected and managed across your organisation. Poor password hygiene includes using the same password across multiple accounts, using easy-to-guess or common passwords, sharing passwords with others and writing passwords down where others can see them. Reuse is the most damaging of these: once a password leaks from one breached service, it is tried automatically against every other service where the same email address is used (credential stuffing). All of these practices can lead to accounts being compromised and to subsequent data breaches.
How to improve password hygiene: ensure your users undertake cyber security training that includes best practice for selecting and managing passwords, such as using a password manager and a unique password for every account.
From an organisational perspective, you should:
- use breached password protection, so that passwords already known from public breaches (and other common passwords) are rejected at the point they are set;
- limit failed sign-in attempts, by locking or rate-limiting an account after a small number of consecutive failures, so that passwords cannot be guessed online;
- require multi-factor authentication;
- change the default passwords on network devices; and
- have procedures in place to ensure that accounts and devices are audited, unused accounts are disabled and that there is a response plan for compromised accounts.
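Two of these controls, as an added Python example that is not part of the original post: a breached-password check using the k-anonymity pattern (the client hashes the password locally, sends only the first five hex characters of the SHA-1 hash, and compares the returned suffixes itself, which is how the Pwned Passwords range API works), and a per-account attempt limiter. The breached-password list, its counts and the `range_lookup` "server" are constructed stand-ins so the example runs offline; `AttemptLimiter` and its thresholds are hypothetical.

```python
import hashlib
from collections import defaultdict

# Constructed breached-password list with invented counts (stand-in for a real
# breach corpus such as the one behind the Pwned Passwords service).
_BREACHED_PASSWORDS = {
    "password": 3861493,
    "123456": 23597311,
    "qwerty": 3946737,
    "Summer2023!": 120,
}


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> str:
    """Constructed stand-in for the server side of a k-anonymity range query.

    Given the first five hex characters of a SHA-1 hash, return one
    'SUFFIX:COUNT' line for every breached hash sharing that prefix. The
    server never learns which full hash the client is interested in.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly five hex characters")
    lines = []
    for pw, count in _BREACHED_PASSWORDS.items():
        digest = _sha1_hex(pw)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def breach_count(password: str, lookup=range_lookup) -> int:
    """Client side: hash locally, send only the prefix, match suffixes locally.

    Returns how many times the password was seen in breaches (0 = not found).
    """
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


class AttemptLimiter:
    """Hypothetical per-account lockout: after `max_attempts` consecutive
    failures the account is locked for `lockout_seconds`. The caller passes
    the current time so the behaviour is deterministic and testable."""

    def __init__(self, max_attempts: int = 5, lockout_seconds: int = 900):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, account: str, now: float) -> bool:
        return now < self._locked_until.get(account, 0)

    def attempt(self, account: str, password_ok: bool, now: float) -> bool:
        """Record one sign-in attempt; return True only if it should succeed.

        A locked account is rejected even when the password is correct, so a
        guesser gets no signal that they have found it during the lockout.
        """
        if self.is_locked(account, now):
            return False
        if password_ok:
            self._failures[account] = 0
            return True
        self._failures[account] += 1
        if self._failures[account] >= self.max_attempts:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures[account] = 0
        return False


if __name__ == "__main__":
    for pw in ("password", "Summer2023!", "correct-horse-battery-staple-9x"):
        n = breach_count(pw)
        print(f"{pw!r}: {'seen %d times, reject' % n if n else 'not in breach list'}")
    limiter = AttemptLimiter()
    for i in range(6):
        print("attempt", i + 1, "accepted:", limiter.attempt("alice", False, now=i))
    print("locked:", limiter.is_locked("alice", now=6))
```

Hard lockouts have a cost: anyone who knows a username can lock its owner out on purpose, so many organisations prefer progressive delays or rate limiting per source address for low counts and reserve a full lockout for sustained guessing.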
2. Spear phishing
Spear phishing is phishing aimed at specific people or groups in your organisation, in order to extract payments or gain access to systems; when the goal is a fraudulent payment it is often called business email compromise (BEC). Attackers often target small to medium organisations, gather names and contact details from public sources, and then send an email that appears to come from someone the recipient trusts, using a spoofed sender address or a lookalike domain. A common example is an email sent to the accounting department, posing as the company owner and asking for an immediate payment to be made. They may send fake invoices and will sometimes hold an extended email conversation with the unsuspecting member of staff to build trust before asking for the payment.
How to protect against spear phishing: ensure your users undertake cyber security training that can include phishing and spear phishing simulation training.
From an organisational perspective, you should ensure you have processes in place that require any new payment, or any change to a supplier's bank details, to be verified out of band (for example, by phone on a number already on file, never one given in the email) and approved by a senior member of the accounting department. You can also implement spam filtering and email protection services, including email authentication (SPF, DKIM and DMARC) so that mail spoofing your own domain is rejected.
3. Phishing and smishing
One of the most common ways usernames and passwords are compromised is when users themselves are fooled into giving away their password or other sensitive information.
Most often the attack arrives by email (phishing), and the same method is becoming more common via text message (smishing). The email or message is made to look as though it has come from a trusted source, such as Microsoft 365, usually with a link you are asked to click. The link leads to a website that has been built to look identical to the official Microsoft 365 login page, but any username and password entered there are sent directly to the attacker. The address is usually the giveaway: the page sits on a domain that merely contains the brand name, on a lookalike domain, or on a bare IP address, rather than on the genuine sign-in domain.
How to protect against phishing and smishing: a variety of steps should be taken by organisations to reduce incidents. These include cyber security awareness training for staff, multi-factor authentication (ideally a phishing-resistant method such as a FIDO2 security key or passkey, since a fake login page can relay a one-time code as easily as a password), anti-malware and anti-virus protection, email filtering services, DNS-level protection and limiting administrative access on devices. You should also ensure you have secure backups and regularly review your contingency and disaster recovery plans.
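A small link checker, added here as an example (it is not from the original post), that applies the tell-tale signs above to the URLs in a message: it passes links whose host is the genuine sign-in host or one of the brand's own domains, and flags hosts that merely contain the brand name, bare IP addresses, punycode (IDN) labels, a `user@` prefix that hides the real destination, and plain HTTP. The allow-lists, the keyword list and the sample email and SMS messages are constructed for the example and deliberately short; none of the addresses in them are real.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allow-lists for the brand named in the text (Microsoft 365).
# Real lists are longer; these are constructed for the example.
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
BRAND_DOMAINS = ("microsoft.com", "microsoftonline.com", "office.com", "live.com")
BRAND_KEYWORDS = ("microsoft", "msft", "office365", "o365", "m365", "outlook", "sharepoint", "onedrive")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def is_brand_owned(host: str) -> bool:
    """True if host is a brand domain or a subdomain of one. A suffix match on
    the registrable domain is enough here; a real tool would use a public suffix list."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def classify_url(url: str) -> list:
    """Return the reasons a link looks like credential phishing ([] if clean)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in LEGIT_LOGIN_HOSTS or is_brand_owned(host):
        return []
    reasons = []
    if "@" in parts.netloc:
        reasons.append("user@ prefix hides the real destination host")
    if IPV4_RE.fullmatch(host):
        reasons.append("bare IP address instead of a hostname")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) label, possible homograph of the brand")
    if any(k in host for k in BRAND_KEYWORDS):
        reasons.append("brand name inside a hostname that is not the brand's own")
    elif any(k in (parts.path + "?" + parts.query).lower() for k in BRAND_KEYWORDS):
        reasons.append("brand name in the path of an unrelated host")
    if parts.scheme.lower() != "https":
        reasons.append("plain HTTP login link")
    return reasons


def scan_message(text: str) -> list:
    """Extract every http(s) link from a message body and return the suspicious ones
    as (url, reasons) pairs."""
    findings = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:!?)")   # drop sentence punctuation glued to the link
        reasons = classify_url(url)
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample messages (three phishing/smishing, one genuine).
SAMPLE_MESSAGES = [
    "Your Microsoft 365 password expires today. Sign in at "
    "https://login.microsoftonline.com.account-verify.example/common/oauth2 to keep access.",
    "IT helpdesk: reset your Office 365 mailbox here http://203.0.113.5/office365/login.php.",
    "M365 alert: unusual sign-in. Confirm at https://login.microsoftonline.com@evil.example/",
    "Reminder: sign in at https://login.microsoftonline.com/common/oauth2/authorize as usual.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for url, reasons in scan_message(msg):
            print(url)
            for r in reasons:
                print("   -", r)
```

A checker like this is a filter aid, not a verdict: attackers also host fake pages on compromised legitimate sites and on free hosting with innocuous names, so user training and phishing-resistant MFA remain the controls that hold when the link looks clean.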
4. Malware
Malware is software designed to damage or disrupt computers and systems, steal data, or give an attacker control of them. It includes viruses, worms, trojans, spyware, adware and ransomware.
You can be infected with malware in a variety of ways, such as spam emails with malicious attachments or links, legitimate websites that have been compromised, malicious adverts, and fake or trojanised downloads found when searching for software or other media online.
How to protect against malware: a variety of steps should be taken, including user education, endpoint detection and response (EDR) services, content filtering on your network, DNS-level protection, keeping software patched and limiting administrative access on devices. Secure backups that are kept offline or immutable, together with tested disaster recovery plans, are also essential, since they are what you fall back on if ransomware gets through.
5. Insecure systems
Insecure systems include any system on your network that is not kept updated, or that was never designed with security in mind, and so leaves you open to attack. For example, you may have a CCTV system that allows remote access to view camera footage, and if it was supplied as a low-budget solution it may have only limited security features: no lockout after failed logins, no multi-factor authentication and no vendor updates. If its login page is reachable from the internet and an attacker finds it, they can spend days or weeks guessing passwords until they gain access, which would be a significant breach of data protection.
Other insecure systems include software and systems that are only compatible with old versions of operating systems, especially once the operating system no longer receives security updates.
How to protect against insecure systems: the first step is to audit all of the systems on your network, so that you know what is there. The next step is to check that each system is updated and still supported by the manufacturer or service provider. Any system with remote access should be audited and restricted (for example, reachable only over a VPN rather than directly from the internet), users with access should be required to use multi-factor authentication, and failed login attempts should be logged and monitored. Such systems should also be segmented on your network, so that a compromised camera or controller cannot reach your file servers or user workstations.
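The monitoring step, as an added Python example that is not from the original post: it runs over a constructed web server access log for a login page such as the CCTV system above, counts failed POSTs to the login path per source IP inside a sliding window, and raises one alert per IP that reaches the threshold. The log format, login paths, IP addresses and timestamps are all constructed, and the window and threshold are hypothetical values to be tuned to the system. The sample deliberately includes a slow guesser who stays under any short window, which is why detection like this complements, rather than replaces, restricting remote access and requiring multi-factor authentication.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-format access log line, e.g. (constructed):
# 203.0.113.7 - - [12/Mar/2024:02:14:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = {"/login", "/cgi-bin/login.cgi"}   # hypothetical login endpoints
FAIL_STATUSES = {401, 403}                        # how this hypothetical device reports a bad password


def parse_line(line: str):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 600) -> list:
    """One alert per source IP whose failed login POSTs reach `threshold` inside
    any sliding window of `window_seconds`. Lines are assumed to be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps of its recent failures
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or ev["path"] not in LOGIN_PATHS:
            continue
        if ev["status"] not in FAIL_STATUSES:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({"ip": ev["ip"], "count": len(q), "first": q[0], "last": ev["ts"]})
    return alerts


# ---- constructed sample log --------------------------------------------------
def _line(ip, ts, method, path, status):
    return (f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')


T0 = datetime(2024, 3, 12, 2, 14, 0, tzinfo=timezone.utc)
_events = []
# A fast guesser: 12 wrong passwords in under three minutes.
_events += [(T0 + timedelta(seconds=15 * i), "203.0.113.7", "POST", "/login", 401) for i in range(12)]
# A legitimate user: two typos, then success.
_events += [(T0 + timedelta(minutes=1), "198.51.100.4", "POST", "/login", 401),
            (T0 + timedelta(minutes=2), "198.51.100.4", "POST", "/login", 401),
            (T0 + timedelta(minutes=3), "198.51.100.4", "POST", "/login", 200)]
# A slow guesser: one wrong password every 30 minutes, under any short window.
_events += [(T0 + timedelta(minutes=30 * i), "203.0.113.9", "POST", "/login", 401) for i in range(6)]
# Noise: a page view that is not a login attempt.
_events += [(T0 + timedelta(seconds=5), "198.51.100.4", "GET", "/live/cam1", 200)]
SAMPLE_LOG = [_line(ip, ts, m, p, s) for ts, ip, m, p, s in sorted(_events)]

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {a['ip']}: {a['count']} failed logins between "
              f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S} UTC")
```

Widening the window (for example to hours) catches the slow guesser in the sample too, at the cost of more false positives from forgetful users; an attacker who spreads guesses across many source addresses defeats per-IP counting altogether, which is the case for counting failures per account as well.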
Conclusion
This is a brief summary; there are nuances to each item listed, as well as many additional cyber security risks that we haven't covered. Our general, top-level recommendations for the steps you should be taking are:
- Follow best practice for the management of IT systems, devices, users and accounts
- Implement policies and procedures for the management of your IT systems
- Implement and regularly test your disaster recovery plans
- Implement cyber security awareness training for all staff
- Use trusted IT partners to install and manage your network, software and services
- Purchase cyber security insurance (which will itself require you to follow best practice for managing your IT systems)
How we can help
As an IT partner to organisations across the public and private sectors, we help implement improvements in cyber security that make organisations safer and better able to respond to incidents. Contact us today to discuss your cyber security or arrange a cyber security audit.