How to Prevent Cyberattacks from Inside Your Business

October 11, 2022

It’s not just up to the IT department anymore

It’s Cybersecurity Awareness Month, and with this year’s theme, “See Yourself in Cyber,” the focus is on what individuals can do to protect the organizations they work with from the downtime, potential data (and customer) loss, reputational damage and considerable costs involved in a cyberattack. And those costs add up – now averaging $4.2M for a data breach. Ransomware attacks are out of control, increasing by 60 percent since last year, and experience has shown that paying the ransom doesn’t mean a company will get their encrypted data back.

Worse yet, the cyberattacks keep coming and are evolving in their sophistication. Many organizations, including SMBs, simply aren’t prepared. There are 30 million SMBs in the U.S., and more than 66 percent of them experienced at least one cyberattack between 2018 and 2020. According to a recent study from UpCity, only 50 percent of SMBs have put together a cybersecurity plan, and just 43 percent of small businesses say they feel they’re financially prepared for a cyberattack in 2022. This is especially alarming, since the costs and loss of business involved in an attack put many SMBs out of business, period. And once hit with a cybersecurity attack, a company goes offline for an average of 22 days, resulting in revenue losses ranging from $10,000 per hour for small businesses to more than $5 million per hour for large enterprises.

It’s not just up to the IT department anymore

Of course cybersecurity is technical, and many companies depend on their IT departments to handle it, but that doesn’t mean IT staff should shoulder cybersecurity responsibility alone. And in fact, they can’t. Smart organizations know that no one is 100 percent immune and accept that they probably won’t be able to prevent every single attack. Awareness and participation in cybersecurity best practices need to involve every member of your organization and become part of your company’s safety and privacy culture.

Because we’re all busy, pulled in multiple directions, using multiple devices and so often in a hurry, it’s easy to overlook simple steps that can help to avoid a major and costly mistake. But a single cybersecurity breach can affect your entire organization.

Consider one of the biggest data breaches of 2021, when one stolen password allowed hackers to breach Colonial Pipeline and disrupt fuel supplies to the Southeast U.S. The attack occurred because the company was using a legacy virtual private network (VPN) that didn’t have multifactor authentication in place, which means it could be accessed with just the password, without a second security step such as a text message – a necessary process that most of today’s software employs.

In another example from this past September, hackers told the BBC that they carried out a cyberattack against Intercontinental Hotels Group (IHG) “for fun.” The hackers, a couple from Vietnam, accessed IHG’s databases and caused widespread problems for customers with bookings and check-ins – all because the couple easily found a very weak password: Qwerty1234. They at first wanted to attempt a ransom attack, but IHG’s IT team managed to isolate the company’s servers. When that plan to make money failed, they launched a vindictive “wiper attack,” a type of cyberattack that irreversibly destroys data, documents and files.

Stay aware and take extra care before clicking

The FBI’s Internet Crime Complaint Center issued a public service announcement in May with updated statistics on business email compromise (BEC). These attacks use a variety of social engineering and phishing techniques to break into company accounts and trick employees – including high-level executives – into transferring large amounts of money to criminals. Between June 2016 and December 2021, the combined domestic and international losses amounted to US $43.31B. These scams frequently involve the use of social engineering techniques, such as spoofing and phishing.

Spoofing is when a criminal disguises an email address, sender name, phone number or website URL. The disguised version often differs from the real one by just one letter, symbol or number, which is enough to convince someone they’re interacting with a trusted source. For example, your employees might receive an email that looks like it’s from their boss, or from a company they’ve done business with, such as a supplier – but it’s not.

Cyber attackers then use spoofing techniques to conduct phishing schemes and lure people to take the bait. The tricky emails might ask you to update or verify your personal or company information by replying to the email or visiting a website. In fact, 96 percent of phishing attacks arrive by email, and 74 percent of U.S. businesses have fallen victim to these attacks. Phishing has now become the most popular method of attack for hackers because it’s relatively easy to trick busy people into clicking on malicious links. And those copycat websites often disappear soon after they’re launched.

So the key is to look more closely at that URL before you click. The link inside the phishing email would take you to a spoofed website that often looks nearly identical to the real thing. If you then enter sensitive information such as passwords, credit card numbers or personally identifiable information (PII), the attackers have stolen the credentials they want. Phishing has evolved to use similar techniques, including vishing (scams over the phone, voice mail or VoIP calls), smishing (scams through SMS text messages) and pharming (scams in which malicious code installed on your computer redirects you to fake websites).
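The advice to look closely at the URL can be partly automated in a mail gateway or link-checking tool. The following is an added example, not code from the original post: it flags link hosts that differ from a trusted domain by a single character, or that bury a trusted domain inside a longer, unrelated host. The allowlist, the domain names and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real one would hold the domains your business actually uses.
TRUSTED = {"northwind-supply.example", "payroll.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED, max_edits: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a link points to."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Exact match, or a subdomain of a trusted domain on a label boundary.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    labels = host.split(".")
    for domain in trusted:
        # Compare the host's rightmost labels with the trusted domain.
        tail = ".".join(labels[-(domain.count(".") + 1):])
        if 0 < edit_distance(tail, domain) <= max_edits:
            return "lookalike"  # e.g. one swapped letter or digit
        if domain in host:
            return "lookalike"  # trusted name embedded in some other host
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://portal.northwind-supply.example/invoice",
                 "https://northwind-supp1y.example/invoice",
                 "https://northwind-supply.example.account-verify.test/login",
                 "https://weather.test/"):
        print(f"{classify_link(link):9} {link}")
```

A "lookalike" result is a reason to quarantine or warn, while "unknown" only means the host is not on the allowlist.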

Remote work and using cloud services have also upped the chances of an attack

Because so many organizations, especially SMBs, rushed to make working from home and other locations a reality during the pandemic, a lot of security risks remain out there. The number of devices increased exponentially, creating a much larger attack surface for organizations, and making it tougher to keep a remote workforce secure. With one wrong download, a personal device can install malicious code, including spyware that can funnel company data when an employee opens business applications like email.

In addition, there’s been a huge increase in the use of cloud services, which also may not be fully secured. Now, more than ever, an organization is only as strong as its weakest link – and that can come down to one person and one bad click.

Tips to keep your cybersecurity strong

Of course you want to install firewalls to protect your organization and keep all software up to date – and patched whenever necessary. But you and your employees can also help prevent attacks by:

  • Using long passwords that combine letters, numbers and symbols, vs. words found in the dictionary
  • Requiring the use of VPNs for all remote workers
  • Adjusting security controls to the sensitivity of the various types of data within your company
  • Allowing access to only what employees need to perform their jobs by using least-privilege access
  • Making sure all devices – including smartphones, tablets and any IoT devices – are correctly secured, patched and managed by IT
  • Establishing systematic security checks for your business-critical applications
  • Educating your employees about social engineering and malware and how to identify trusted links
  • Monitoring and measuring compliance and governance and rewarding good security practices

If your IT folks are overloaded, we can help

At Konica Minolta, our All Covered IT services division offers anti-malware protection and other solutions to thwart attacks and help you stay in business-as-usual mode. Our anti-malware services provide:

  • Centralized security – because we handle all aspects of malware protection to streamline the process
  • Customized solutions – we design a protection plan that’s configured to meet your specific needs
  • Continuous monitoring – our software monitors your devices and systems 24/7
  • Regular updates – system-wide software updates occur automatically and routinely
  • Rapid response – our software addresses and removes threats as soon as they’re detected

We also offer Managed Security Awareness Training to educate, train and actually phish your users so that they can develop more sophisticated cybersecurity skillsets. Our training programs help users with the safe use of email, social media, company software, data management systems and more through personalized and engaging training methods.

As Cybersecurity Awareness Month continues – and beyond – we’ll post more blogs to help you stay on top of constantly evolving cyberattacks and ways to keep your business protected. At Konica Minolta and All Covered, we’re completely committed to helping our customers stay safe from threats during the digital transformation we’re all experiencing.


Konica Minolta

Konica Minolta aims to partner with clients to Give Shape to Ideas by supporting their digital transformation through its expansive Intelligent Connected Workplace portfolio. Its business technology offerings include IT Services, intelligent information management, video security solutions and managed print services, as well as office technology and industrial and commercial print solutions.