When it comes to digital threats, more and more types pop up as the years pass. Cyberattacks are done intentionally to gather intel from organizations or individuals mostly for financial gain, information theft (like social security numbers, addresses, and private documents), sabotage, and espionage. As of June 2022, there are several different sources of digital threats including, but not limited to, Malware attacks, Man-in-the-Middle attacks, Software Supply chain attacks, Password attacks, and Social Engineering attacks. Malware can be a simple link that someone clicks on or vulnerabilities in operating systems that install without the user knowing. Once installed on your device, it monitors everything and sends the data back to the attacker. Malware attacks include worms, spyware, ransomware, and the well-known Trojan virus. Social Engineering is similar to Malware but it affects people more on the psychological side, making you think you have done wrong and their offer is the only way/quickest way to correct it. Things like Scareware Security software, where the program does a fake malware scan and detects something in your device—despite there actually being nothing there. The scareware then asks for you to pay to have the fake threat removed, and if you go through with it, they now have your financial details and your money is good as gone. Software supply chain attacks can be malware that is pre-installed on cameras or USB drives—or even your cell phone and can compromise devices owned by third-party vendors. Man-in-the-Middle is essentially an eavesdropping attack, where the attacker is waiting in the server to either pose as the client and get information or gain access to a different server with much more information on it. Password attacks are another common one, where the attacker uses force (by trying many different passwords trying to get the correct one), uses common passwords to gain access to the network of a victim, or uses Social engineering to systematically get the correct password. This is why most sites ask you to change your password after so long, and to not use previously used passwords or use simple ones. ABCD1234 will no doubt get your accounts hacked, easily and quickly.

Here at this company, we begin our protection protocol with a simple plan: a very complicated password. It would probably closely resemble a license plate, with a few letters and a few numbers, in random order and would not be connected to any one employee. This password would only be known by the device user and we would never write it down- it’s up to the device user to memorize it. That way, if it were to be written down, it couldn’t get lost on a desk or placed in an easily accessible area. We also discourage any form of password sharing and an employee should never log in for guests, contractors, or new hires. In case any devices are stolen in a break-in, we also have ‘find my device’ programs on all company laptops, phones, tablets or devices, so that authorities can easily and quickly locate our property. The next step we have in place is encrypting all of our data and backing it up, then storing it separately so it’s not easily found by hackers if they got into our system. A major process we have is more aimed at our own employees, as no personal devices for work-related items. If you use a device for personal reasons (your laptop, mobile device, tablet) then that can not be used for accessing work-related documents or programs. Our company accounts may be safe, but your device could have a hacker just waiting for the right opportunity- and the second you use it to log into the company account, we become vulnerable. Our last digital defense we have (that we’re sharing anyway) is restricting IT tech admin rights. By only allowing certain individuals to access sensitive information we can better protect our company. By following these five processes alone, we as a department can keep our company information out of the hands of attackers and protect all of our client information. We don’t want competing companies getting an idea for how we’re going to run the next six months, because they can alter their plan and out-perform us or even steal some of our customers away from us by offering them lower costs or ‘better’ performance.

I recommend that our company should adopt five simple tasks to become more safe and secure, ensuring our customers can rely on us with their information. Always avoiding unsecured websites when using company devices is a major idea. If we stay off of these types of sites, it keeps cybercriminals from being able to access sensitive data that is being stored on that specific device. Not only should we stay off of unsecured websites, but staying off of unsecured networks is also a major key. This ties into using personal devices for work-related issues; sure, we all like the convenience and being able to access work from home- however, that could easily cause a major malware or phishing attack and we could lose sensitive data. We should train all new hires on important cyber security steps and let them know exactly how pertinent it is that they follow these steps. Explain to them that any lapse in judgment on any step could be devastating for the company, but also for them as an individual. Investing in security insurance and seeking out a specialist for advice on security insurance would be beneficial to our company’s financials and help lower any security risks that the department might overlook. If we add these simple steps into our security tasks, in addition to the protocols we already have in place, it will make our company the bane of any cyber attacker and they will not be able to get into our system. Our customers’ sensitive information will be safe with us for a very long time.

21 Top Cyber Security Threats: Everything you Need to Know (exabeam.com)

Five Ways To Protect Your Company Against Cyber Attacks (entrepreneur.com)