Top 5 tips for preventing cyberattacks and ransomware

January 06, 2022 | SECURA Insurance
person typing on laptop keyboard

As the use of technological devices becomes an increasingly integral function of our daily lives and how we complete our work, it can be difficult to remember all of the potential dangers and risks that you are exposed to. 

Below is a list of the top five cyber security threats and what you can do to prevent them from affecting you and your business.

1. Phishing

Phishing is the most common and easiest method to attack companies online. There is an increasing trend in texting/SMS attacks on employee’s mobile devices. The best way to prevent phishing is by bringing awareness and training employees about the dangers.

2. Sophisticated Malware/Ransomware

Ransomware continues to be the most common method for bad actors to monetize a breach. Bad actors are a cybersecurity adversary that are interested in attacking information technology systems. Keeping the patches current on desktops, laptops and servers is the best method to stop malware/ransomware. It’s also important to maintain multiple backup copies of your critical systems/data.

3. Employee Credentials

On the dark web, bad actors are able to buy the User IDs and passwords of your employees from personal websites. Many employees will use the same User ID and password for work as they do for social media and other sites. This can cause easy access for hackers. If available, turn on multi-factor authentication (MFA) on services, websites and applications as an extra layer of protection.

4. Business Email Compromise (BEC)

Business email compromise occurs when a bad actor gains access to an employee’s email inbox and is able send emails to their contact list. THis is typically used for wiring or transferring funds between executives and the finance department. The best defense is to implement business processes that not only trusts email communications, but also has other checks/balances.

5. Software/Cloud Configuration

Software/Cloud configuration is sometimes called an “Insider Threat”. Typically, it is unintentional human error. Some of the new software services are configured to make your data public and configuration is needed to protect your data. A good way to prevent this is by implementing more controls on privileged users, such as extra monitoring or change control.