How to protect your organization from cyberattacks

Cybersecurity threats against businesses are nothing new.

We’ve known about phishing scams for years. We’re wary about opening email attachments from people we don’t know. We’ve got this, right?

Wrong.

“Hackers have become more sophisticated, more cunning, and more patient,” explains Denise Pheils, PhD, CISSP, PMP, an adjunct faculty member with the School of Business Technology at Capella University. “Cybercriminals often match our security measures tit for tat. The danger is many of us have become complacent to the threat. We think we’ve won. We haven’t.”

Pheils explains that what worked in the past to prevent hackers from infiltrating our technology is no longer sufficient. She stresses that one of the weakest links continues to be employees themselves. A lack of awareness and vigilance of the evolving threat from hackers is our greatest vulnerability.

She offers the following strategies to beat hackers at their own game.

Protect your smartphone

Most of us expect that the devices provided by our employers are equipped with anti-virus software and other technologies to prevent hackers from getting in. But did you know that the personal smartphone in your pocket is likely completely unprotected? When a smartphone is purchased, it typically does not come out of the box with anti-virus software. Now ask yourself, do you ever use your personal smartphone for work? Answer an email? Text your boss? That is a significant vulnerability.

“Many of us are using our smartphones for work, so we need to protect them accordingly, but we’re often not doing that,” Pheils says. “I strongly advise everyone with a smartphone to download an anti-virus app for their phone. They are often free and good options, including McAfee, AVG, and MalwareBytes.”

Verify, Verify, Verify

Remember the good old days when you received a suspicious email from someone you didn’t know with a weird attachment and you would instinctively delete it because of the obvious threat? Alas, it’s not so simple or clear cut anymore. Today, hackers have become adept at hacking into the email accounts of people that we know well to impersonate them in email correspondence. Now what do we do?

“In the past, we used to tell people not to open an attachment if you don’t recognize the sender,” Pheils explains. “Now, because hackers have gotten so sophisticated, we really have to ask ourselves ‘Am I expecting this attachment?’ Even though this is clearly coming from someone I work with, does this feel off? If so, you would be wise to send them a separate email or give them a call to verify. Also, hackers can set up email accounts with names similar to the names of coworkers or supervisors, leading to the need to scrutinize the account the email is from and what it contains.”

And it’s not just email. Social media also presents a significant threat from hackers pretending to be people we know and trust. According to Pheils, the speed at which we all use social media makes the danger even more real.

“When we are rapidly scrolling through our Facebook news feeds and see something intriguing posted by one of our friends, that is a moment that is particularly vulnerable,” Pheils says. “We are just so quick to click on social posts, and therein lies the threat. We need to ask ourselves, ‘Does this seem out of character for this person? Would they normally post something like this?’ If anything seems suspicious, don’t click it. We need to slow down on social media. We need to be critical and skeptical of every post.”

Beware the C-suite

Hackers are no dummies. Like most thieves, they are typically after the big prize. Sometimes that big prize is data, like millions of social security numbers or some particularly valuable piece of proprietary information. But sometimes, the goal is hacking into the accounts of top executives, whose knowledge and influence is of huge value in itself. Unfortunately, many executives feel they would never fall for a hacker’s schemes, or they are overly confident in the protection provided by their information security infrastructure. That’s a dangerous way to think.

“CEOs and other senior executives often just don’t think it will happen to them, or that they are so savvy that they could never be a victim,” Pheils says. “I say never underestimate a hacker. It’s how they came up with the terms spearfishing and whaling, which means going after those corporate leaders. If you are coaching the c-suite or in the c-suite, know that you are in the bullseye. You are the high-value target and need to be hyper vigilant.”

More resources

This just scratches the surface of the cyberthreats we all face and how we can combat them. For more information and tips on how to protect yourself and your organization, visit Nist.gov, CISecurity.org, or DHS.gov.

Dig deep into the cyber threats we all face and how to combat them with Information Assurance and Cybersecurity programs at Capella University.