Phishing, ransomware, and supply chain attacks have surged in 2021. Following several significant data breaches in the last year, the Biden administration has urged businesses to take a proactive stance against cybersecurity attacks in order to prevent their data from being compromised.
No company is too small, and no industry is off limits, to hackers. Every organization should have safeguards and procedures in place for preventing security incidents before they happen. Here is our guide to what you can do to strengthen your security program, prepare your workforce, and keep your organization’s information safe.
Why are data breaches becoming more of a threat?
The COVID-19 pandemic greatly accelerated the demand for cloud-based offerings. During the first quarter of 2020, cloud spending rose 37 percent to $29 billion. The shift to remote work across many industries has created a need for long-term security plans that account for workers offsite, virtual access to systems, and the technical safeguards that may be required on home networks and devices. Many organizations that failed to properly migrate their data and systems into a remote environment have left their information vulnerable to hackers.²
Some of the major cybersecurity attacks of the past year include:
- The infamous SolarWinds hack, in which a massive data breach occurred after SolarWinds, a third-party vendor widely used across the federal government, fell victim to a sophisticated hacking campaign.
- A ransomware attack on Colonial Pipeline, which disrupted fuel supplies along much of the East Coast for several days.
- A ransomware attack on the world’s largest meat processing company, JBS, in which the company’s servers were breached and production was halted.
- The New York subway system hack, which was part of a larger breach of multiple federal agencies and critical organizations.
These attacks reveal that hackers are targeting infrastructure such as transportation systems and hospitals as well as tech companies and organizations in other industries. Hackers are indiscriminate: they launch attacks against sole proprietors, multi-billion-dollar companies, and everyone in between, including nonprofits that hold billions of dollars in assets and invaluable donor data.
What you can do to prevent cybersecurity attacks
Annual cybersecurity policy compliance training is crucial for preventing cybersecurity attacks. Not only should you have technical safeguards in place, like patching and software updates, but you must also train your workforce to recognize potential breaches before they happen. Employees are your first line of defense, and often your weakest link.
Phishing attacks are often conducted over email. If employees are properly trained, they will know not to open suspicious emails, not to click links in them, and not to carry out any requested action items. Many attacks like these succeed as a result of user error. Know how to spot attempted breaches, and have procedures in place for how they will be prevented, documented, and analyzed so you can confirm that the safeguards you have in place are sufficient.
The FBI advises against paying ransomware demands. Paying does not guarantee that you will get your data back, and may result in losing both your money and your data. It’s better to manage a lack of access for a short time while authorities assist you in recovering your information than to place a large financial burden on your organization by paying a ransom. The only way to discourage ransomware attacks is to stop paying hackers, and the best way to avoid paying is to have safeguards in place that prevent the attack from happening in the first place.
Data breach prevention checklist
- Perform a Risk Assessment: A Risk Assessment allows you to identify gaps and weaknesses in your organization’s security standards and mitigate them before they become an issue. It is an essential step in maintaining the security of your data.
- Document and follow your HIPAA compliance plan: If you don’t have it documented, then it doesn’t exist. A comprehensive compliance plan will include Privacy and Security Policies and Procedures, a Disaster Recovery Plan, a Remote Work Policy, a BYOD (Bring Your Own Device) Agreement, and Business Associate Agreements with third parties.
- Update and patch systems: Software updates and patches are essential for closing critical holes in your systems. Have a plan for pushing these updates to all systems in a timely manner. Many systems support automatic updates.
- Follow the 3-2-1 backup rule: Have at least three backups on two different kinds of media, with at least one offsite.
- Train your staff on your security standards: Your staff should not only be able to recognize social engineering (e.g., phishing) attacks but also know the proper procedure for dealing with them.
- Use the most up-to-date security software: You should have firewalls and anti-malware programs on all devices that have access to company data, and these programs should be updated regularly. Additional tools such as Gravyty Guard use Human Layer Security to help keep your employees safe through the use of AI.