A little tough love on IT security

January 02, 2019 | Posted by Krissy Keel

Technology is amazing! There are eye-tracking keyboards for folks with disabilities, robots that can parkour, and 3D printed houses! Unfortunately, the other side of the spectrum is bad guys making viruses, malware, and all sorts of nefarious technology for nefarious purposes. You might think we're being a bit paranoid, but we witness firsthand the impact of malicious emails, ransomware, account compromises, and more on our clients. We don't want it to happen to anyone else!

In our client base alone, security-related tickets have increased about 200% each year since 2016. Our engineers estimate that about 90% of these are preventable with the right measures. Outside of our client base, small and medium businesses are the biggest target, with two thirds of all cyberattacks directed there (and 60% of those companies go out of business within a year of a breach).

So you might not have thought IT security was relevant or applicable to your business, but we're going to give you some tough love today: it is. You're a target, and you need to protect yourself. Think of us like a protective parent (dad jokes included), watching out for you. The items below are what we see as the biggest risks that everyone absolutely needs to take into consideration when planning their IT and capital budgets.

Biggest risks

Email Phishing

We've talked about email phishing before, and we'll keep talking about it because it's a real risk. These emails try to get you to give up login information, download a malicious file, or wire money directly, all through the power of social engineering. As of 2017, 93% of all malware attacks are via email, and the average user receives 10-15 malicious emails per month. That math doesn't sound desirable.

Theft & Loss

Imagine this scenario: you go to the park with your kids after work, forgetting that you left your work laptop in your car. When you return to your vehicle, your window's been broken, and the laptop stolen. It can happen (and has happened) to the best of us. Is the data stored on your laptop secure? Do the files accessible from your laptop contain sensitive information? 56% of reported lost or stolen laptops have resulted in a data breach. Data encryption and cloud storage are the easiest ways to mitigate this, but most folks don't consider those options until they've already experienced a theft or loss.

Credential Compromise

Scammers frequently try to skim your login and password information through email phishing or by redirecting you to spoofed websites. For example, you could enter your email and password on an exact replica of the O365 login page, and voila! The scammer has your password. Credentials are also sold on the dark web after data breaches, and scammers may try to use passwords found there with other email addresses you own. An easy way to counter this is to use a different password for each of your accounts, and keep track of them through platforms like LastPass. We'd also highly recommend multi-factor authentication wherever the option is available. It might be a pain in the butt to set up, but nothing like the pain of trying to recover a compromised account.

Shadow IT

When someone at your company uses technology without formal approval (or without telling anyone), it's called Shadow IT. This can be as simple as using a personal Google Drive when your company uses Dropbox, but it's incredibly risky. A few years ago, a Washington Health and Human Services employee used a personal laptop, which did not have the same security as company-issued machines, for business purposes. As a result, when this laptop was stolen (see theft above), the sensitive data of over 5 million patients, including children, was compromised.

Ransomware

This is a type of malware that encrypts your files and holds them hostage for, well, a ransom. Ransomware ends up on a machine through email phishing or other types of social engineering, like posing as an IT support person over the phone to gain remote access to a network machine. Ransomware has gone down in frequency, but increased in price and variety, meaning attacks are more targeted, specific, and sophisticated. If you're in the healthcare industry, you have a 50% chance of being a target of a ransomware attack. Simple protections like server and file backups can help with this, but ultimately ransomware can be mitigated with some employee education (cue the next section).

Employee Education

We've saved the most important (and the most challenging) for last. Statistics vary from year to year, but between 80% and 90% of successful security attacks involve human error. You can have the biggest, most high-tech locks on your front door, but if you open the door for a burglar, the locks aren't much good. As a reminder, the DNC hack was the result of one user's error; if it can happen to them, it can happen to your business too. The best way to mitigate all the risks we've talked about is to continually educate your employees on your security standards and acceptable use practices. Companies like KnowBe4 and Terranova aim to help business leaders train their employees in a way they won't hate.

Do it now, please

As technology evolves, so will the sophistication level of cyberattacks. It's unlikely that the Boston parkour robot will steal your credentials, but someone else will try. We're using our parent voice right now: please talk to your IT provider* about what measures are in place to protect against these types of risks. If you don't, we won't be mad, just disappointed.

*Author's note: Hey clients! Did you know that we have an Advanced Security package to mitigate all of these factors (and more)? We even do HIPAA compliancy! Get in touch and we can get you set up.

A little about us: Dynamic Computing provides managed IT services, IT support, IT consulting, & cyber security services to top performing small to mid-sized businesses in the greater Seattle area. We're focused on being the premier managed IT services firm in the Pacific Northwest, and we act as a complete IT solution for companies who don't have internal IT departments. Our clients typically range from 10 to 200 employees and we work primarily with professional services firms in the Puget Sound Region.