If you've watched the news or scrolled through social media even once during the past year, you've probably heard about the uptick in the number of cyberattacks in 2021. In fact, according to IT security firm Check Point Software, global cyberattacks increased by 29% as hackers continued exploiting the COVID-19 pandemic and the shift to remote work to launch more sophisticated attacks against individuals, businesses, and governments.
In this blog, we’ll take a look at five notable cybersecurity events of 2021 and what your business can learn from them:
1. Colonial Pipeline ransomware attack
In May 2021, a ransomware attack disrupted Colonial Pipeline's gas supplies along the East Coast of the United States. The company believes that the attackers exploited a legacy virtual private network profile that was not protected by multifactor authentication. Colonial Pipeline paid approximately $5 million in ransom to recover their systems.
To protect your business from ransomware, keep copies of your important files in off-site servers or external storage devices like memory cards and external hard drives. Since these data backups are not connected to your IT network, they cannot be infected by ransomware. Also, make sure your security programs are always updated to prevent ransomware from exploiting vulnerabilities and evading detection.
2. The rise of smishing attacks
Smishing uses text messages to trick recipients into opening a malicious link or providing personal information. According to cybersecurity firm Proofpoint, reports of this type of attack increased by nearly 700% in the first six months of 2021.
What’s more, Proofpoint found that parcel and package delivery scams accounted for 67.4% of all smishing attempts. In such scams, buyers receive a text message with a shipment tracking code and a link to set their delivery preferences. Other smishing messages may claim that the recipient’s online banking account has been locked or that the recipient won a prize.
Prevent smishing attacks from affecting your business by educating your staff about them. Remind your employees that reputable companies will never directly contact them via text to ask for their information. If they receive such messages through their work email, tell them not to reply and report these to the IT department.
3. T-Mobile data breach
In August 2021, wireless network company T-Mobile suffered a data breach that involved the records of 48 million people. Breached information included names, birthdates, and Social Security numbers.
As a result, many customers lost trust in the company and filed class action lawsuits accusing it of negligence. If the company is found guilty in one of the lawsuits, it would be forced to pay hefty fines. Under the California Consumer Privacy Act, for instance, T-Mobile would need to pay $100 to $750 per consumer per incident, or actual damages, whichever is larger.
Here are some things you need to do to protect your business from data breaches:
- Provide security training. Train your employees to recognize online scams by regularly conducting simulated phishing exercises. Send out fake phishing emails to everyone in your company, and retrain those who failed the test. Finally, teach your staff to store data properly, use strong passwords, and avoid opening potentially malicious files.
- Implement strict data access privileges. Your business’s data must be accessible only to authorized personnel. Role-based access control (RBAC) technology allows you to provide users the minimum access privileges necessary to do their job.
- Create a data breach response plan. Should your business suffer a data breach, it’s important to have a response plan. This must list out the steps you need to take, such as investigating the breach, notifying customers and authorities, and contacting IT consultants and insurance companies.
- Partner with a reliable managed IT services provider (MSP) like Complete Document Solutions. MSPs can provide proactive and round-the-clock threat monitoring and system maintenance, so potential issues can be addressed before they result in full-scale breaches and downtime.
4. Microsoft goes passwordless
In September 2021, Microsoft announced that its users can go passwordless on their accounts. The move was its way to combat password attacks like phishing and brute force attacks. The software giant now encourages users to opt for more secure authentication methods such as facial or fingerprint recognition, physical security keys, and verification codes sent via email or text.
By going passwordless, users no longer need to memorize complex combinations. This also makes online accounts impervious to password attacks.
5. Rise of macOS malware
Check Point Software identified a macOS malware called XLoader that can spread through malicious Word documents. It can record keystrokes, take screenshots, and obtain information stored in the clipboard. The malware is also capable of installing more malware to cause further damage to systems.
This proves that despite the popular notion that Macs are immune to malware, the opposite is actually true. If your business uses Macs, keep your operating system and programs updated to mitigate the risk of falling victim to a cyberattack. Also, make sure to only install software from reliable sources.
Complete Document Solutions is the best MSP for securing your California business from cyberattacks in 2022. Partner with us and we will ensure that all threats are taken care of so you can access your data and applications without any issue. Request a FREE IT and network assessment today to get started.