Last week, IT security experts revealed a sharp increase in so-called “fileless” malware — device and network infections that are not readily apparent since they’re embedded directly into a computer’s actual memory. These malicious agents can quietly infiltrate data for months or even years, as more than 140 companies in 40 different countries have learned over the last two years.
Researchers at Russia’s Kaspersky Lab first identified fileless malware in 2015 and recently reported on its rise amongst global financial institutions. But they haven’t yet determined whether a single group of hackers may be behind the attacks, or if competing collectives of cyber criminals are simply pushing each other to come up with increasingly complex malware strains. Either way, the fact that traceable files aren’t left behind in infected computers makes the challenging job of attribution even more difficult.
What isn’t hard to understand, however, is that a robust, modern approach to IT strategy is required to survive and thrive in these wild cybersecurity times. Beyond the usual recommendations (implement layered network security; never open ANY attachment or click ANY link in an email from a sender you don’t recognize; always make regular, redundant, and remote backups of your data) another concept is coming to the forefront: the human firewall.
This strategy empowers employees to make sound security decisions by limiting the sensitive login information they have access to, providing clear IT policies and procedures that can be easily followed, and requiring ongoing training and education to match the never-ending evolution of cybercrime methods. Today, it might be enough to teach workers to inspect suspicious emails for spelling errors and double-check domain names to make sure they’re not cleverly imitated fakes (think firstname.lastname@example.org instead of email@example.com). Tomorrow, they might need to understand the technical requirements of fileless malware or be able to identify a sophisticated social engineering attempt.
Recent studies estimate that more than 65% of all companies will experience a data breach of some kind — and 50% of those attacks will occur because of human error. The most devastating consequences typically arise through financial fraud, while heavily regulated industries like finance, legal, and health care stand to lose much — the intrinsic trust of their clients and millions in non-compliance penalties — due to a rising underground marketplace for such coveted personally identifiable information.
The strongest security policies in the world still rely on execution by human beings — as the old cybersecurity saying goes, “Amateurs hack systems; professionals hack people.” That’s more than evident when assessing the recent spike in health care and financial industry phishing, business email compromise, and ransomware.
But it is possible to empower your employees to be security superheroes — especially with the help of a trusted IT provider like CMIT Solutions. We specialize in the IT solutions, security tools, and policies and procedures that boost productivity, reduce downtime, and enhance efficiency for small to medium-sized businesses. Below are a few ways to achieve such goals:
1) Make cybersecurity part of everyone’s job (and part of your company’s overall culture).
It takes more than one or two employees to implement a solid security policy. Requiring that all staff members buy in means that everyone is invested in both the process and the outcome, from the writing of rules to their day-to-day execution.
2) Be responsible with passwords and login credentials.
Ditch the old sticky note storage method. Enable two-factor authentication. Employ an enterprise-level management solution that automatically generates, rotates, and resets passwords. There are many methods for enhancing the security of your passwords, and with the backing of an experienced IT partner, none of these have to be neglected.
3) Rely on proactive maintenance and management as a security foundation.
The most comprehensive managed IT services automatically deploy security patches and software updates, keep a constant eye on all system operations, and provide reliable, even 24×7 Help Desk services. These kind of solutions keep your business running, your employees productive, and your focus on client service and revenue growth instead of on IT headaches.
4) Implement robust employee onboarding and offboarding processes that keep your business and its data safe.
Security experts debate which in-house IT issues cause more problems: inadequate training up front, when new hires are learning your company’s ropes, or insufficient termination procedures that can expose critical data to the whims of disgruntled employees. Either way, a more robust approach is required.
5) Have a backup and disaster recovery plan in place in case the worst happens.
No matter what IT issues you might be affected by — data breach, malware or ransomware infection, email compromise, phishing attempts — it’s critical to have reliable data backups taken at least once per day and stored offsite to minimize the impact of manmade or natural disasters. A comprehensive plan to implement the recovery of said data is equally important.
If you find yourself confused by the onslaught of recent cybersecurity news or compelled to learn more about the human firewall, contact CMIT Solutions today. We worry about IT so you don’t have to and go the extra mile to keep your data, your systems, and your employees safe.