Confident that a cyber attack won't affect you? Think again, says Nandakishore Harikumar.
The ongoing global pandemic has resulted in a huge growth in cyber-attacks as well.
The massive digitalisation of our businesses became an opportunity for cyber-criminals to use the situation to their advantage.
Along with the lockdown, many offline businesses that had no choice but to go digital lacked an adequate level of preparedness.
Many organisations began functioning in Work From Home mode, and we witnessed ransomware attacks on major organisations even though they had multiple cyber-security tools.
Clearly, a strategic approach from both the enterprise and employee level is needed to tackle this problem.
The recent report by Cybereason (a Boston-based cyber-security firm) states that 80 percent of ransomware attack victims face it repeatedly.
To combat the massive invasions on our digital platforms, we need to accept changes and adopt paradigm shifts in the way we think about cyber-space.
1. Myths about cyber-attacks
Data breaches and ransomware are believed not to have a direct impact on a majority of the population.
We have to dispel this ignorance.
Cyber-attacks can impact those who maintain online wallets as well as a C-level employee in an organisation.
Cyber-security should be part of corporate culture as well as a personal habit.
2. Relevance of awareness
The attitude that 'this is not going to affect me' exposes you to cyber risks.
A feeble link in an organisation could be potential prey for a cyber-criminal or a ransomware group.
To avoid this situation, we need to be vigilant about weak links and foresee possible outcomes.
A phishing case doesn't need to come by e-mail. Recently, we have noticed a lot of phishing attempts covering distributors of COVID vaccines.
The busy lives we lead could cost us more if we don’t keep up with cyber-trends.
It's always better to take a suspicious look at the e-mails and messages we receive.
3. Constant updating
The fact that we give the least priority to our devices' security, whether it is our laptops, tablets or smartphones, can be detrimental.
The majority of these devices would take at least a week or more to update their software systems.
Often, users give cyber-criminals a chance to exploit the vulnerabilities in their devices by not updating them.
Patch management and vulnerability intelligence can only be afforded by huge enterprises. Thus, medium and small-scale organisations must prioritise updates and patches on their tech stacks.
Along with business accounts, every individual user must install updates once they are available.
4. Password allocation
Most users tend to opt for the same password for every account they own.
Maintaining both professional and personal accounts can lead to overlapping passwords.
For instance, a user may use their office password for their food delivery app account.
Under these circumstances, once a third-party breach takes place, criminals can gather the information and use it for account takeovers, as the same password applies to many platforms.
Users must guard against such a lapse on their side and use multiple passwords that are changed regularly.
When a breached password is used by an employee, it puts an entire organisation at risk.
PII (Personally Identifiable Information), passwords and other credentials belonging to individuals are in huge demand on the dark web sales charts.
5. Backing up data
Users must back up their data regularly.
If their budget permits it, organisations should have multiple levels of backup for their important data. This will reduce the chances of downtime after cyber-attacks.
6. Employee training
Organisations should ensure that all employees, even those in roles that won't be handling technology, are educated on the basic aspects of cyber-security.
Our organisation once came across a situation where an employee working in a prominent position in the finance department was unaware of his email being exposed 21 times in a span of 3-4 years.
7. Multi-factor security
Multi-Factor Authentication (MFA) is becoming a common feature.
It takes a few minutes for anyone to activate MFA for devices or e-mails. Still, it has been observed that many are reluctant to do so.
Prioritising ease of access could cost the user a lot more when it comes to their digital possessions.
8. Updated antivirus and firewall usage
These features are prerequisites for protection against any malicious cyber attempts by an outsider. Do ensure that the installation is processed by a trusted vendor.
9. Be alert on digital platforms
Users must try not to put much information in the public domain through various social media platforms.
There is a chance that a criminal could monitor their social media accounts and get a clear idea of their digital footprint.
Monitoring the privacy policies of these platforms comes in handy in reducing this risk.
10. Public and domestic Wi-Fi
Many users tend to sign into a random public Wi-Fi even if it's not urgent.
If using public Wi-Fi is required, it is advised to use a VPN to be sure that the data is encrypted.
For domestic Wi-Fi, avoid using the default user name and password for the router. Changing the Wi-Fi password regularly is mandatory.
Keep checking for updates to the router.
Nandakishore Harikumar is founder and CEO of Technisanct, a big data cyber-security firm.