"Cybersecurity." It's a phrase echoing through the halls of nearly every major industry at the moment, and rightfully so: Many organizations are unaware of their vast vulnerabilities to a data breach, and few have a plan in place to prepare for a cyber attack.

As a principal in Rehmann's consulting department focusing on IT security assessments, companies hire my team and me to attempt to hack into their systems and identify vulnerabilities to cyber attacks. One of my team members is a certified ethical hacker — and yes, for those of you jumping onto Google to run a search, it is a real certification.

Having performed assessments for organizations throughout the country, one thing is certain: Nearly every organization my team has assessed is vulnerable in some way. High-profile cyberattacks on Sony Pictures and the Democratic National Committee show that even large, sophisticated organizations can be breached.

No business is immune

Cases range in scale and level of vulnerability, but the majority of companies we have encountered have had an opportunity to do more to protect themselves, their clientele and stakeholders.

Typically, the biggest risks in computer security lie with the user rather than the provider. Think about it this way — if employees have access to an internal system on their mobile devices, what happens if that device is lost or stolen? All companies should ensure they have the ability to erase the data remotely in case a device is lost or stolen.

It is also critical to keep your software systems patched — as software companies release new updates and "patches" to safeguard against known vulnerabilities, companies using the software should download and apply them in a timely manner. 

When it comes to employee training, be sure to encourage employees to create strong passwords that are updated regularly and kept confidential. Two-factor authentication is also an option: it requires users to provide two types of identification (a password and a fingerprint, for example) to access an account. This helps prevent phishing and malware attacks from succeeding and protects users' credentials.

Cyber attacks take on myriad shapes, sizes and appearances. Some of the more common attacks to look out for include the following…

Cyber attacks take on myriad shapes, sizes and appearances. (Photo: iStock)


System breaches

System breaches, or account takeovers, take place when cyber criminals steal access to a system through account passwords and credentials, then begin executing fraudulent transactions. Methods vary — in some instances, system breaches involve keylogging software that records a user's keystrokes and sends them to the thief. It's also common to see "phishing" emails that are designed to trick legitimate users into sending credentials to a bogus email account or entering them on a fake website.

DDoS attacks

Some days it feels impossible to keep up with all the emails. It's like you've received a million emails all at once. For victims of a distributed denial of service (DDoS) attack, that perception becomes a reality. In addition to overwhelming the server, other common results of DDoS attacks include degradation of web or email resources, slow network performance and the inability to access some network resources. DDoS attacks often run the course of several hours, enough of a distraction that fraudulent transactions can take place undetected.

Crimeware

You've likely heard of malware — enter crimeware, a unique form that installs itself on computers when users download files that seem innocuous, but are designed to do damage to your device.

While malware originally was created by those acting out of curiosity or in search of notoriety, the goal of crimeware is financial gain. Crimeware is any program or set of programs designed specifically to steal information online.

More often than not, crimeware programs are Trojans, which computer security software company Intel Security describes as follows:

"Trojans are usually disguised as benign or useful software that you download from the Internet, but they actually carry malicious code designed to do harm — thus their name."

After taking root on your device, the Trojan can log everything you type, take screenshots of the websites you visit and steal personal information. Employee usernames, passwords, credit card numbers and more can be accessed by hackers once a Trojan has been installed.

With so many cyber threats in existence, protecting your company can seem an insurmountable task. Here are four basic steps to get started:

1. Develop, implement and regularly test a cybersecurity action plan, ensuring your organization is prepared to fight the next potential breach.
2. Host employee training sessions to ensure the entire team is well-versed on the plan, and knows how to report security threats.
3. Protect against hackers looking to take advantage of software malfunctions by deploying patches as soon as they become available.
4. Leverage the tools at your disposal — use all built-in security features on your devices and online systems.

Remember — hackers are after companies of all shapes and sizes. Don't assume you're too small, or too far off-the-radar to fall victim. It's impossible to predict the next attack, but there are myriad ways to make sure you're prepared when it strikes.

Jessica Dore is a principal in the consulting department at Rehmann Corporate Investigative Services. She can be reached by sending email to jessica.dore@rehmann.com.

The opinions expressed here are the writer's own.
