As Singapore and global businesses are increasingly moving online, newer and less tech-savvy businesses will create more and easier targets for hackers. As hackers pour more resources into an increasingly lucrative market, more advanced tactics may be developed against bigger companies with more cyber protection.
The current work-from-home regime also exposes businesses to a higher risk of cyber-attacks, as employees may use non-corporate internet connections and equipment to access corporate resources. This makes things easier for hackers, who can gain access without having to bypass the corporate firewall and anti-virus protection (if any).
The Cyber Security Agency of Singapore (CSA) handled 9,080 online scams in 2020 – the second consecutive year that the figure had increased. CSA also mentioned that malicious cyber security concerns remain due to the “rapidly-evolving global cyber landscape and increased digitalisation brought about by the COVID-19 pandemic”.
What Exactly Is Malware?
Malware is malicious software designed to grant hackers unauthorised access to your company’s computer(s). From there, hackers can steal sensitive company and customer data and finances. Malware can also slow down or shut down your computers, network servers, and possibly, your entire business.
One kind of malware is ransomware. It encrypts important files on your computer to render them unusable. Victims will then have to pay a ransom (usually in the form of money, cryptocurrency or other sensitive information) to receive a code from the hackers to decrypt the files. As we can imagine, payment may not guarantee decryption.
CSA also notes that local ransomware cases (that are reported to them) have been on the rise, as shown below.

In fact, CSA also states that the number of ransomware cases globally has more than doubled in the first half of 2021.
The most common delivery vehicle of ransomware is phishing – that means the attacker will pose as a credible source, such as the CEO, an employee or a business partner of the company. Emails that are supposedly from them could really be phishing attempts by cybercriminals. Clicking their links could unleash malware onto your company’s system.
Even without actual malicious software – malware – getting into your IT infrastructure, hackers can use phishing to extract sensitive company data (and steal money) from businesses.
With such variety and ferocity of ransomware viruses, here are 8 cyber hygiene tips for you and your employees to safeguard your company’s devices, information and money.
#1 Two-Factor Authentication
Get your employees to enable two-factor authentication (2FA). This means that for any email that comes in requiring employees to send sensitive information and/or money, they should authenticate the request in another manner. For example, they can ask the sender in person, or call or text the sender to verify the instruction.
#2 Change Your Passwords Regularly
For emails or device access, employees should not use passwords based on their Personally Identifiable Information (PII). PII includes their full name, passport number, bank account number, driver’s license number and even their email address.
#3 Know What You Are Clicking On In Emails
Always verify the source of emails, especially when they require employees to send data or finances.
Be suspicious of emails that are poorly worded or use urgent language, as they are telltale signs that the person is unfamiliar with the country/business or wants to trigger a quick response.
Also, take note of attachments with extensions such as ‘.exe’, ‘.vbs’ and ‘.scr’ – do not open them unless you know exactly what you’re opening.
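A mail gateway or helpdesk script can apply the attachment check above automatically. The following is an added example, not code from CSA or the original article; the sample message, addresses and filenames are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the tip above; extend the set to match local policy.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}


def risky_attachments(raw_email: bytes) -> list[tuple[str, bool]]:
    """Return (filename, disguised) for each attachment with a risky extension.

    'disguised' is True when another extension precedes the real one,
    e.g. 'invoice.pdf.exe', which can look like a PDF when the operating
    system hides file extensions.
    """
    msg = message_from_bytes(raw_email, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and inline content without a filename
        # Windows ignores trailing dots/spaces and case when picking a handler.
        cleaned = name.strip().rstrip(". ").lower()
        stem, dot, ext = cleaned.rpartition(".")
        if dot and "." + ext in RISKY_EXTENSIONS:
            flagged.append((name, "." in stem))
    return flagged


def build_sample() -> bytes:
    """Constructed sample message; addresses and filenames are made up."""
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "finance@company.example"
    msg["Subject"] = "URGENT: overdue invoice"
    msg.set_content("Please open the attached invoice today.")
    for fname in ("report.pdf", "Invoice.pdf.EXE", "macro.vbs"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, disguised in risky_attachments(build_sample()):
        print(f"flag: {fname} (disguised={disguised})")
```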
#4 Create Backups
Periodically back up your company data in case a ransomware attack destroys your data or holds it ransom.
Ideally, you want to keep two backup copies – one stored in the cloud, and another on a physical drive (such as a thumb drive, portable hard drive or spare laptop). Employees should disconnect these drives from the internet when the backup is complete.
#5 Run Anti-Virus
Protect your computers from ransomware with well-established anti-virus software. Keep ‘heuristic functions’ switched on – they are critical in catching ransomware samples that have not yet been formally detected. Heuristic functions enable the parts of anti-virus software that discover suspicious patterns and deal with them.
#6 Patch (I.E. Install The Latest Versions)
Install the latest versions of the operating system (OS) and all software applications on your computer. Enable automatic updates to keep your software up to date in order to minimise vulnerabilities.
This can be an easy one to forget as many of us may simply choose to delay patches because we want to complete a task immediately.
#7 Stop The Spread
If you spot rogue or unknown processes on your computer, disconnect it immediately from the Internet and other network connections (such as company Wi-Fi). Doing so reduces the likelihood of the infection spreading.
Businesses should also limit privileged access to only individuals who require full access to carry out their work.
#8 Block Malicious or Spoofed Emails
For companies that are able to, utilise email filters to sieve out emails containing known malware spamming indicators. IT teams within these companies can also block suspicious IP addresses at the firewall. Email authentication tools, like Domain-based Message Authentication, Reporting and Conformance (DMARC), help you detect spoofed emails for free.
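On the receiving side, the DMARC outcome is recorded in the Authentication-Results header that your mail server adds to each message. The following is an added example, not code from the original article, showing how a filter can read that result while ignoring copies of the header written by other systems; the server name mx.company.example and the sample message are constructed.

```python
import re
from email import message_from_string, policy
from typing import Optional


def trusted_dmarc_result(raw_email: str, our_authserv_id: str) -> Optional[str]:
    """Return the DMARC result stamped by our own mail server, else None.

    Only Authentication-Results headers whose authserv-id matches our server
    are read; anyone can add such a header claiming 'dmarc=pass'. Assumes the
    receiving server strips inbound headers that claim its own ID (RFC 8601).
    """
    msg = message_from_string(raw_email, policy=policy.default)
    for header in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", str(header))  # drop (comments)
        authserv, _, results = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != our_authserv_id.lower():
            continue  # written by another system: not evidence
        match = re.search(r"\bdmarc\s*=\s*([a-z]+)", results, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return None


# Constructed sample: a message claiming to come from the company's own domain.
# The top header is from our (hypothetical) server; the one below it arrived
# with the message and is not trusted.
SPOOFED = "\n".join([
    "Authentication-Results: mx.company.example;",
    " spf=fail smtp.mailfrom=mailer.unknown.example;",
    " dmarc=fail (p=quarantine) header.from=company.example",
    "Authentication-Results: relay.unknown.example; dmarc=pass",
    "From: CEO <ceo@company.example>",
    "To: finance@company.example",
    "Subject: Urgent transfer",
    "",
    "Please process the attached payment today.",
])

if __name__ == "__main__":
    print("DMARC:", trusted_dmarc_result(SPOOFED, "mx.company.example"))
```

A result of None means no trusted server evaluated the message, which a filter should treat as unverified, not as a pass.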