An organization is only as secure as the weakest link in its cybersecurity chainmail—something that’s a much larger vulnerability today with more people working remotely. Information security functions best by limiting exposure to avenues of attack—something that has become vastly more difficult in recent times. More concerningly, attackers have become much more deliberate in picking targets to attack, at a time when people are inundated with changes to the user interfaces on their apps and software. With so many elements to worry about, the threat of cyberattack can seem overwhelming. But never fear—here are some tips to help protect your business or organization:
1. Look out for phishing attempts
Phishing attacks are, in their simplest form, a malicious use of social engineering and false representation to trick people into disclosing sensitive, confidential, or personal information. For example: emails that appear to come from a service you might subscribe to (like Netflix, or Apple Music), claiming your account has been hacked and providing you with a (fake) link to reset your password. Unfortunately, a simple eye-test to safeguard against those attacks isn’t a reliable measure anymore—phishing attacks have gotten far more sophisticated, especially in a business context.
Educating the members of your organization about the types of phishing attacks they may be targeted with is a good place to start, but it’s not a complete solution either. There are myriad avenues of attack, and you’ll never be able to cover them all. Rather, the key to defending against phishing attacks is instilling a sense of vigilance (and even healthy paranoia) when it comes to credentials, sensitive information, and any major decisions or financial transactions. Where possible, institute a low-tech verification process (such as a simple phone call) or a two-person approval/authentication system to mitigate the effects of being compromised.
2. Protect your household members and home networks
Even if your own cybersecurity practices and protocols are robust, you’re still at risk if you share a network with other users (such as the other members of your household). This is particularly true for less savvy users (like young children) who may indiscriminately engage with websites, programs, and email. Moreover, devices on a home network tend to be “trusted” devices and not behind a firewall, which means a breach on any of them could give an attacker the foothold in your home network needed to eventually gain access to your own computer.
Opting into sophisticated intrusion detection for home networks is an option (and might even be a necessary step for some), but even basic education for the members of your household can help reduce the risk of falling prey to these lateral cyberattacks.
3. Minimize third party applications, set policies, and educate accordingly
Companies have had to adopt all sorts of digital solutions, from virtual meeting software to cloud storage and applications, in order to function as a decentralized workplace. This has inevitably increased the number of points where individuals may be targeted by cyberattacks, and where breaches might occur.
Care should be taken to minimize extraneous and unnecessary applications or programs in order to combat this exposure. Moreover, the digital solutions which are adopted should be thoroughly vetted, and showcased to employees. This is particularly important because employees who know how these systems actually behave are better placed to spot attempts to spoof the notifications or emails they generate. For example, knowing that your organization doesn’t share invoices or important documents via direct sharing links through MS Teams or Dropbox is invaluable protection against phishing attempts of that sort. Knowing your organization never uses Dropbox for any purpose is even better!
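One way a mail filter could enforce the "we never use that service" rule described above, shown as an added example that is not part of the original article: it flags every link whose real host falls outside an allowlist of approved services, including lookalike hosts that merely begin with an approved name. The allowlist contents, function names, and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed policy for a hypothetical organization: the only services that
# are allowed to deliver document or meeting links to staff.
APPROVED_DOMAINS = {"teams.microsoft.com", "sharepoint.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def is_approved(host, approved=APPROVED_DOMAINS):
    """True if host equals an approved domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Matching on "." + domain stops "evilsharepoint.com" from passing.
    return any(host == d or host.endswith("." + d) for d in approved)


def unapproved_links(body, approved=APPROVED_DOMAINS):
    """Return (url, host) pairs for links that fall outside the allowlist."""
    flagged = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:!?")  # drop trailing sentence punctuation
        try:
            # hostname drops any "user@" prefix and the port, so the check
            # is made against the host a browser would really contact.
            host = urlsplit(url).hostname or ""
        except ValueError:
            host = ""  # unparsable URL: treat as unapproved
        if not is_approved(host, approved):
            flagged.append((url, host))
    return flagged


# Constructed sample message, not taken from a real email.
SAMPLE = """Your invoice is ready.
View it in Teams: https://teams.microsoft.com/l/file/abc123
Mirror copy: https://www.dropbox.com/s/xyz/invoice.pdf
Or sign in here: https://teams.microsoft.com.files-login.example/auth
Alternate: https://teams.microsoft.com@login.example/reset
"""

if __name__ == "__main__":
    for url, host in unapproved_links(SAMPLE):
        print(f"not an approved service: {host}  ({url})")
```

The last two sample links show why the comparison has to be made on the parsed host rather than on the text of the link: both start with an approved name but resolve elsewhere.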
4. Secure your system against drive-by downloads
In essence, drive-by downloads are system intrusions that happen without a user’s knowledge, action, or consent. The intrusions use flaws or exploits in applications, websites, or programs to download malicious code to your computer. Drive-by downloads may also occur when users interact with deceptive or misleading links, or download software from untrustworthy websites (which look innocent or safe).
The most straightforward way to combat this is to ensure your applications and web browsers are always up to date. Security vulnerabilities are patched quickly, so having the latest version of the software you’re using will help provide some protection against cyberattacks of this sort. An alternative or additional step is to work off a secondary profile on your computer which doesn’t have administrator access—this way, any attempt by malicious code or software to install itself on a system would fail because it wouldn’t be able to abuse administrator installation permissions. And finally, it’s always best to exercise the utmost caution when downloading anything from unverified websites or programs.
5. Keep your eyes peeled!
Without being too paranoid, you should still be very careful about what you interact with, and how, in a digital space, especially when the welfare of your business is at stake. In an age where hackers and cybercriminals take the time to tailor their attacks to specific companies and individuals, it’s important not to underestimate the lengths that they’ll go to. Forewarned is forearmed when it comes to cybersecurity, so be sure to help educate your employees and coworkers to ensure that even the weakest link in your defense is strong enough to withstand the predations of malicious actors!
Note: This is intended to be used as general information only and does not constitute security advice. Please consult an IT security expert for more information.
Freelance writer and communications professional at the University of Toronto. He’s an avid cinephile, voracious reader, and a terror at karaoke bars.