This is the season for look-backs and look-forwards at what was and will be big in every aspect of life and business. Cybersecurity features heavily in these articles, naturally, because effective cybersecurity can be the thin line between chaos and order in a world that relies ever more heavily on computer systems and the internet.
I’m not going to rehash these various lists for you. I will, however, give a few examples to show that the key to effective cybersecurity is not necessarily an awareness of the total threat landscape. Understanding how your network and specific business processes are threatened, and tailoring security architecture, policy and practices accordingly, are the crucial elements of threat prevention.
Three things to watch out for in 2020:
If you receive a phone or Skype call from your CEO asking you to make a bank transfer or reset a password, are you absolutely sure it’s really them? What other procedures are being followed to make sure that, even if one employee is fooled, nothing bad happens? Let this CEO’s experience in the UK be a lesson to you.
And if we expand the definition of ‘deepfake’, are you certain that the invoice you receive from a supplier is genuine, even if it’s expected? Even Google and Facebook were scammed by this trick.
To help mitigate this risk, make sure someone in IT is keeping track of the latest deepfake attempts. You can also ensure your system is not harboring any nasties through a penetration test, and consider behavioural analytics to help quarantine unusual requests. Also, keep your users updated through best-practice training on how they can help protect their accounts and your network by exercising extra vigilance.
External attack surfaces on the up
In an ever more connected world, it’s easy to see how new entry points for malware into your network can be overlooked. As ZDNET state in their article on hacked smart devices, the average home in the US has 17 smart IoT devices. Some of these personal internet-enabled devices might start popping up in the office environment – invariably without the knowledge of the IT Security team.
The growing number of Software-as-a-Service business tools for everything from holiday booking to project planning may seem like a secure way to carry out business tasks, but your users may well be using the same password for all accounts. Employees tend to follow the path of least resistance, and a breach of one provider could turn out to be an easy way into your email system and more.
Create a security policy for all internet devices, which clearly defines what is allowed and what is not on the company networks. Consider creating a separate network for non-essential devices to connect to. And consider using a reputable password manager company-wide, one that simplifies signing in and ensures passwords are unique.
More targeted ransomware
As the recent attack on Travelex demonstrates, ransomware isn’t going away. Many attacks are now being targeted at the “can and will pay” organizations such as local government agencies and healthcare providers.
Protection from ransomware is about much more than good anti-malware software, none of which can be 100% effective. Intrusion prevention and detection, software and OS patching, training users to spot phishing emails, and a good backup strategy are the minimum additional measures that should be taken.
To effectively protect your company from all these threats, TBG Security recommends a risk assessment. This can only be truly effective when carried out with the assistance of third-party experts. Otherwise you’ll either be missing the crucial things you don’t know you don’t know, or you’ll be marking your own homework.
Here’s where TBG Security can help. They understand that it is an organization’s network security architecture, technology policies and management practices working together which effectively mitigate risk. And if you need to go for compliance, or are dabbling with the thought of it, a risk assessment is the place to start.
Want to know more about risk assessments? Get in touch with TBG Security today.