7 ways to destroy a business in one click
Anonim

One malicious email and a naive employee can cost your company money or reputation. Together with Microsoft, we explain which cyber hygiene rules you need to discuss with your team.


New types of cyber threats emerge every day. It may seem that hackers and scammers are only after the giants of the market, but this is not the case: 63% of all attacks target small businesses, and 60% of small businesses shut down after a cyber attack. Moreover, the victims are not necessarily Silicon Valley startups. The Prosecutor General's Office of the Russian Federation recorded 180,153 cybercrimes in the first six months of 2019, which is 70% more than in 2018.

Even if you have an entire IT department and antivirus software is installed on every computer, this is not enough for reliable protection. There is always a human factor: the wrong actions of employees can lead to a digital disaster. It is therefore important to talk to your team about cyber threats and explain how to protect themselves. We have collected seven situations in which one person's indiscretion can cost your company dearly.

1. Clicking on a malicious link

Situation: an employee receives an email that looks like a regular mailing from a familiar sender. The email contains a button that leads to a site that does not arouse suspicion. The employee follows the link and is redirected to a scam site.

The mechanism described is a phishing attack. Microsoft research says this is one of the most common fraudulent schemes. In 2018, the number of such attacks increased by 350%. Phishing is dangerous because it includes elements of social engineering: attackers send emails on behalf of a company or a person whom the victim is sure to trust.

Fraudulent schemes are becoming more and more sophisticated: attacks take place in several stages, and emails are sent from different IP addresses. A phishing email can even be disguised as a message from a company executive.

To avoid getting caught, read every email carefully, watch for a discrepancy of even a single letter or symbol in the address, and if anything looks suspicious, contact the sender before doing anything.
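The single-letter check described above can also be automated, for instance in a mail filter or a reporting tool. The following Python code is an added example, not part of the original article; the trusted-domain list, the look-alike character map and the function names are assumptions made for illustration.

```python
from __future__ import annotations
from email.utils import parseaddr

# Assumed allow-list of domains the company really corresponds with (constructed).
TRUSTED_DOMAINS = {"example.com", "contoso.com", "partner-bank.example"}

# Small assumed map of digits that imitate letters; not exhaustive.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain: str) -> str:
    """Fold common visual substitutions so 'c0ntoso' and 'contoso' compare equal."""
    return domain.translate(LOOKALIKES).replace("rn", "m")


def check_sender(from_header: str) -> tuple[str, str | None]:
    """Classify a From: header value; returns (verdict, imitated_domain)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", None)
    for good in sorted(TRUSTED_DOMAINS):
        # One typo away, or identical once look-alike characters are folded.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("IT Support <helpdesk@contoso.com>",
                   "IT Support <helpdesk@c0ntoso.com>",
                   "Billing <invoice@exarnple.com>"):
        print(header, "->", check_sender(header))
```

The check looks only at the visible sender domain, so it complements rather than replaces SPF, DKIM and DMARC validation by the mail server.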

2. Downloading an infected file

Situation: the employee needs new software for work. He decides to download the program from a publicly available source and ends up on a site where malware pretends to be useful software.

Viruses on the Internet are often disguised as working software. This is called spoofing - falsifying the purpose of a program in order to harm the user. As soon as an employee opens the downloaded file, his computer is at risk. Moreover, some sites automatically download malicious code to your computer - even without you trying to download something. These attacks are called drive-by downloads.

Further consequences depend on the type of virus. Ransomware used to be prevalent: it blocked the computer and demanded a ransom from the user in order to return to normal operation. Now, another option is more common - attackers use other people's computers to mine cryptocurrencies. At the same time, other processes slow down, and system performance decreases. In addition, having access to a computer, fraudsters can obtain confidential data at any time.


Artyom Sinitsyn, Director of Information Security Programs in Central and Eastern Europe, Microsoft.

Company employees should be aware that working software cannot be downloaded from the Internet. People who post programs on the Web do not bear any responsibility for the safety of your data and devices.

One of the first rules of cybersecurity is to use licensed software. For example, it provides all the solutions you need for your business, while guaranteeing complete protection of your information.

Not only is it secure, it's also convenient: With Microsoft 365, you can use all Office apps, sync your Outlook email with your calendar, and keep all your important information in the 1TB OneDrive cloud.

3. Transferring files over insecure channels

Situation: an employee needs to share a work report with confidential information with a colleague. To make it faster, he uploads the file to social media.

When employees find it uncomfortable to use corporate chats or other office software, they look for workarounds. They do so not to cause harm intentionally, but simply because it is easier that way. This problem is so widespread that there is even a special term for it: shadow IT. It describes a situation in which employees set up their own information systems contrary to those prescribed by the company's IT policy.

It is obvious that the transfer of confidential information and files via social networks or channels without encryption carries a high risk of data leakage. Explain to employees why it is important to adhere to protocols that are controlled by the IT department so that in the event of problems, employees will not be personally responsible for the loss of information.


Artyom Sinitsyn, Director of Information Security Programs in Central and Eastern Europe, Microsoft.

4. Outdated software and lack of updates

Situation: the employee receives a notification about the release of a new version of the software, but keeps postponing the system update and works on the old version, because there is “no time” and “a lot of work”.

New software versions are not only bug fixes and beautiful interfaces. They also adapt the system to threats that have emerged and close channels of information leakage. A report from Flexera says that it is possible to reduce system vulnerability by 86% simply by installing the latest software updates.

Cybercriminals regularly find more sophisticated ways to hack into other people's systems. For example, in 2020, artificial intelligence is used for cyberattacks, and the number of cloud storage hacks is growing. It is impossible to provide protection against a risk that did not exist when the program was released. Therefore, the only chance to improve security is to work with the latest version all the time.

The situation is similar with unlicensed software. Such software may lack an important part of the functions, and no one is responsible for its correct operation. It is much easier to pay for licensed and supported software than it is to risk critical corporate information and jeopardize the operation of the entire company.

5. Using public Wi-Fi networks for work

Situation: an employee works on a laptop in a cafe or airport and connects to the public network.

If your employees work remotely, brief them on the dangers of public Wi-Fi. The network itself can be a fake, through which scammers steal data from computers that try to connect. But even if the network is real, other problems may arise.


Andrey Beshkov, Head of Business Development at Softline.

As a result of such an attack, important information, logins and passwords can be stolen. Scammers can start sending messages on your behalf and compromise your company. Connect only to trusted networks and do not work with confidential information over public Wi-Fi.

6. Copying important information to public services

Situation: the employee receives a letter from a foreign colleague. To understand everything exactly, he pastes the letter into an online translator in the browser. The letter contains confidential information.

Large companies develop their own corporate text editors and translators and instruct employees to use only them. The reason is simple: public online services have their own rules for storing and processing information. They are not responsible for the privacy of your data and may transfer it to third parties.

You should not upload important documents or fragments of corporate correspondence to public resources. This also applies to services for checking spelling and grammar. There are already cases of information leakage through these resources. It is not necessary to create your own software; it is enough to install reliable programs on work computers and explain to employees why it is important to use only them.

7. Ignoring multi-factor authentication

Situation: the system prompts the employee to associate a password with a device and a fingerprint. The employee skips this step and only uses the password.

If your employees don't store passwords on a sticker glued to the monitor, that's great. But that is not enough to eliminate the risk of loss. A login and password pair alone is not enough for reliable protection, especially if a weak or insufficiently long password is used. According to Microsoft, if one account falls into the hands of cybercriminals, then in 30% of cases they need about ten attempts to guess the password for that person's other accounts.

Use multi-factor authentication, which adds other checks to the login and password pair: for example, a fingerprint, Face ID, or an additional device that confirms the login. Multi-factor authentication protects against 99% of attacks aimed at stealing data or using your device for mining.


Artyom Sinitsyn, Director of Information Security Programs in Central and Eastern Europe, Microsoft.

To protect your business from modern cyberattacks, including phishing, account hacking and email infection, you need to choose reliable collaboration services. Technologies and mechanisms for effective protection must be integrated into the product from the beginning in order to use it as conveniently as possible, without having to make compromises in digital security issues.

This is why Microsoft 365 includes a range of intelligent security features. For example, protecting accounts and login procedures from compromise with a built-in risk assessment model, multi-factor authentication for which you do not need to purchase additional licenses, or passwordless authentication. The service provides dynamic access control with risk assessment and taking into account a wide range of conditions. Microsoft 365 also contains built-in automation and data analytics, and also allows you to control devices and protect data from leakage.
