Cybercrimes are on the rise and predicted to cost the world $6 trillion in losses annually by 2021. From ransomware to social engineering to email compromise, cyberattacks represent the greatest threat to businesses of all sizes and the largest transfer of economic wealth in our history.
A look at some of the top news stories from the past year illustrates just how widespread cybercrimes have become across the globe. Cybercriminals are not only targeting the largest corporations but have continued to head downstream to the middle market and small businesses. In fact, according to recent cybersecurity industry reports, thirty-one percent of all organizations have encountered cyberattacks on their operations technology at some point.
Understandably, cybersecurity is continuously changing in response to persistent threats that become more sophisticated by the day. Many cyber attackers use readily available hacking tools found on the Internet as well as the most advanced methods shared on the dark web. The current environment keeps cybersecurity professionals on their toes as they work to keep hackers from staying a step ahead.
There are many ways that businesses can improve their cybersecurity—some with a cost and others at no expense at all—by implementing a wide range of security initiatives across an environment. While there are security measures that will need to be budgeted for and funded, several can be deployed with a simple fix whether your organization has a dedicated security team or not. Large or small, here are a few strategies to start with today.
A common approach seen in most industries is to give users full permissions to everything across the board and then reduce their rights from there. Unfortunately, a user’s permissions can be used against the company during an attack involving social engineering, ransomware or other methods. To help reduce this risk, most users should have rights to a very limited set of files and even fewer folders, if any at all. With reduced permissions, far fewer files are at risk if a ransomware attack or another incident occurs.
Although this is sometimes tough for middle market companies, users should never have administrative rights to their workstations. If a hacker gains access as the user, for example through a social engineering attack, they instantly have local admin access on the entire system. The hacker can then use that point of access as the launching place for lateral movement throughout the whole network.
Most importantly, take the extra time to educate your users. Social engineering is the favorite tool of the lazy hacker because they don’t need to do the work if they can get someone else to do it for them. For this reason, you must arm your users with the training and top-of-mind awareness to keep the bad guys at bay. Use your existing training material and double down on your user training. Make cybersecurity a top-of-mind issue at your company and lead the charge.
For additional information, download RSM’s e-book, “15 ways to improve your cybersecurity without spending a dime!”