How valuable is your data? If you store personally identifiable information, such as Social Security numbers, protected health information under HIPAA, and even more mundane information such as dates of birth and e-mail addresses about your employees, clients, or consumers in your computer systems, then your data has immense value, making you a prime target for cyberattack. The more records you have, the more appealing a bullseye you become. Law firms offer a veritable feast of data, as they store confidential and proprietary information about businesses and their trade secrets and transactions.
Unfortunately, too many organizations are unprepared for potential attacks, and most don’t recognize them until it’s too late. In the average attack, it takes hackers mere hours to access and steal data, while the victimized organization does not discover the attack for months, if at all. Therefore, organizations should take steps now to prepare by considering their susceptibility to the following risks, which are five trending sources of cybercrime in the last year.
- Software vulnerabilities: Over the last year, many attacks have occurred in organizations that lack strong firewalls and multiple levels of security. To prevent unauthorized access, organizations should continuously monitor their network security and ensure their firewalls cannot be disabled.
- Malware and viruses: Cyberthieves often rely on unsuspecting recipients to open tempting messages where threats lurk. Therefore, organizations should have the latest versions of antivirus software installed on their systems, conduct regular scans for malware and viruses, and update their virus definitions regularly.
- Unencrypted data: With the rise of BYOD, organizations need to encrypt all devices used for business, including smartphones, tablets, and laptops.
- Improper disposal of data: Organizations must erase all data before discarding old computer equipment. Don’t overlook digital printers and photocopiers, which are capable of storing hundreds of thousands of records.
- Messaging: Many people rely on mobile communications to share data, including personally identifiable information and protected health information. These messages can be intercepted when shared over public Wi-Fi networks, such as in airports, coffee shops, and hotels. Organizations should require their personnel to install secure messaging software on all devices used for company business.
All organizations should audit their systems and devices to make sure they have anticipated potential threats, analyzed likely vulnerabilities, and developed policies and procedures for protecting their data assets. They also need to confirm that all of their third-party technology vendors have a demonstrable commitment to data security and audit them periodically. Cybercrime is inevitable, but strategy and preparation can thwart attackers and mitigate the risks of data loss.
About the AuthorMore Content by Rachel Teisch