Tips for protecting against cyber attacks

All businesses, large to small, face risk in today’s connected world.

Cyber attacks are affecting companies of all sizes, with smaller companies possibly at higher risk if they don’t think it can happen to them and don’t take precautions. In addition, cybersecurity has become more complex as malware attacks have continued to skyrocket, with ransomware leading the charge.

Routine data backup is the most effective counter to any ransomware demand, said Scott Schober, president and CEO of Berkeley Varitronics Systems. “User behavior has not changed fast enough to keep pace with the onslaught of attacks.”

Effective cybersecurity also requires everyone to participate. Key steps include cyber awareness training for all employees and good cyber-hygiene throughout all levels and departments, in the office and at the jobsite.

Firms must be proactive and diligent, putting basic controls and protocols in place. These include the following actions:

• Create a regular backup plan for all data stored offsite.
• Use only name brand security software that automatically updates on every computer, tablet, and laptop to combat the latest threats.
• Update all operating systems regularly and never use unsupported, outdated software.
• Verify that all firewalls have the latest security patches installed.
• Ensure all network mobile devices have both hardware and software encryption with a long and strong password or PIN required for access.
• Verify the Wi-Fi network within the company and at the jobsite is secure, encrypted, and has a long and strong password. Set up Media Access Control (MAC) filtering to accept only pre-approved employee devices.

Reinforce these controls and protocols through regular training sessions to help all employees so that “thinking cyber” becomes part of everyone’s daily job requirements. “By raising awareness, employees will realize the importance of slowing down to question anything that seems a bit off,” Schober said.

A new cybersecurity mindset

With the increasing use of cloud computing and storage, widespread acceptance of Internet of Things (IoT), as well as the growing number of systems, remote users, and big data sets within organizations, today’s business environment and security risks have evolved enormously and require a shift in our cybersecurity mindset and practices. The Identity Management Institute, a global organization dedicated to identity governance, risk management, and compliance, offers the following statistics and tips:

Collect and share data responsibly — Big data will grow faster than ever before. By 2020, every person online will create roughly 1.7 megabytes of new data every second, and that’s on top of the 44 zettabytes (44 trillion gigabytes) of data that will exist in the digital universe by that time.

Protect your data with access controls, monitoring, and

encryption — With the steady growth of data produced by IoT and social media, businesses will be turning to artificial intelligence (AI) and machine learning to process, trend, and analyze the information. The use of AI is expected to double in one year.

Connect devices selectively and monitor their activities — The number of IoT devices is expected to increase from 23 billion in 2018 to 31 billion in 2020 and 75 billion in 2025. These devices will be increasingly interconnected, loaded with data, and accessible from the internet.

Engage the best cloud security solutions and experts — Eighty-three percent of enterprise workloads will be in the cloud by 2020. It is estimated that 41 percent of enterprise workloads will be run on public cloud platforms, 20 percent on private-cloud, and 22 percent running on hybrid cloud platforms by 2020. On-premise workloads are predicted to shrink from 37 percent to 27 percent by 2020.

Be mindful of privacy laws — Data breaches are down year-over-year. Only 1.4 billion records were exposed in 686 breaches reported between Jan. 1 and March 31, 2018. Unauthorized access has held its spot as the most common breach cause. Skimming, inadvertent disclosure, phishing, and malware rounded out the top five, just as they did in 2017.

Embrace identity and access management solutions like advanced multi-factor authentication (MFA) and identity life cycle

management — The MFA market is expected to reach $9.60 billion by 2020, growing at a rate of 17.7 percent between 2015 and 2020. Two-factor authentication dominates the MFA market with the highest market share.

Keep up with technology to stay ahead — Nearly 90 percent of businesses will use biometric authentication by 2020. Fingerprint scanning is currently the most common type of biometric authentication, used by 57 percent of organizations. Large companies are in fact trying to eliminate the use of passwords completely because 81 percent of hacking-related breaches leverage weak passwords or stolen passwords in social attacks such as phishing and pretexting in 43 percent of hacking cases.

Audit vendors and treat your security organization as a profit

center — Sixty-three percent of all cyber attacks could be traced either directly or indirectly to third parties. Organizations increasingly audit the security of their business partners due to expanding regulations and data breach incidents. More than 50 percent of global customers will reportedly cease to do business with hacked organizations.

Looking ahead

While cybersecurity concerns are complex today, they will continue to grow as technology continues to evolve and impact organizations at every level. Every company that is connected to the internet is a potential target for hackers. Taking the time now to invest in cybersecurity training and prevention methods can help ensure your company and jobsites remain safe and secure in the future.

Information provided by the Association of Equipment Manufacturers (www.aem.org), the North American-based international trade group representing off-road equipment manufacturers and suppliers; and the Identity Management Institute (IMI; www.theimi.org), which offers professional certifications in identity and access management, identity theft, and data protection. IMI introduced a new study guide and examination for the Certified Access Management Specialist (CAMS) Program. CAMS is designed for professionals who are engaged in information security operations to manage access, strengthen data governance, reduce risks, and ensure compliance.