Six Tips To Strengthen Business Security Protocols


Jodi Daniels is a privacy consultant and Founder/CEO of Red Clover Advisors, one of the few Women’s Business Enterprises focused on privacy.

October is Cybersecurity Awareness Month (in addition to Breast Cancer Awareness Month and National Physical Therapy Month, to name just a few). We have a limited supply of months and a lot of things to raise awareness about.

However, more awareness is never a bad thing—especially when it comes to cybersecurity.

So, let’s talk about some of the cybersecurity threats you should be aware of and how you can strengthen your business security protocols against vulnerabilities.

How are cybersecurity threats evolving and putting the workplace at risk?

Many cybersecurity threats have emerged or found new forms by exploiting software services and AI technology. Consider these cybersecurity trends that could impact your workplace:

1. Audio and visual deepfakes can trip up employees who may think themselves impervious to phishing schemes.

2. Data leakage and device infection are an ongoing concern with the increase of remote work, as employees use their more vulnerable personal devices to access work-related systems.

3. Attacks against cloud services are on the rise (which makes sense, considering how many companies worldwide use cloud computing). Per IBM, 25% of security incidents in a study from March 2023 to February 2024 involved data stored solely in a public cloud.

4. Credential stuffing, password spraying and Kerberoasting (I can’t make up these names) all benefit from AI bots that help hackers work through log-in credentials and password pairings on a larger scale than ever before.

5. AI-driven ransomware is adapting to traditional security measures to get around common protections.

How can companies strengthen security?

But you don’t need to be held hostage to cyber threats—not literally or figuratively. These six tips can strengthen your business security protocols.

1. Educate employees on social engineering.

Phishing has existed since the ’90s for a good reason—it still works.

Now, with audio and visual deepfakes mimicking voices and faces, attackers can manipulate employees who may consider themselves savvy against the “This is the CEO, buy me 50 gift cards” phishing emails.

This is why I recommend frequent employee training—and by frequent, I don’t mean the obligatory once-per-year webinar. If there’s a major shift in the industry, don’t wait until next year to talk about it.

Instead, find ways to discuss ongoing cybersecurity threats. This could be as simple as a monthly “lunch and learn” or a recurring email series that discusses major threats in the industry, warning signs and proactive measures to take. Tailor your strategies to what aligns with your business culture and employee needs.

2. Secure personal devices.

Bring your own device (BYOD) is when employees connect to an organization’s network or access work-related systems via their personal devices. This is incredibly common—just consider how many people check their work email on their personal devices.

To protect against data leakage—e.g., vulnerabilities from outdated operating systems—consider putting a mobile device management solution in place to separate corporate data from personal data and preserve user privacy.

These solutions benefit everyone. They give your employees the flexibility to check their email on the go or work from home on their own devices while prioritizing security with role-based access to enterprise data, a secure VPN and password-protected applications.

3. Fortify cloud security.

There are plenty of techniques to fortify cloud security, but what works best for your business will vary. Here are a few ways you might reduce vulnerabilities in the cloud:

• Strict user access controls to limit access to sensitive business data.

• Multifactor authentication (MFA) to prevent unauthorized access (see tip four).

• Regular patch management protocols to identify and mitigate system vulnerabilities.

For your IT team, also consider regularly monitoring against:

• Misconfigured cloud settings, such as glitches, gaps or errors.

• Cross-site scripting (XSS), which delivers malicious script to users' browsers through crafted URLs or injected page content.

• SQL injection (SQLi), which inserts attacker-controlled SQL into an application's database queries to manipulate application behavior or harm system infrastructure.

• Server-side request forgery (SSRF), which allows attackers to access internal endpoints indirectly.

4. Strengthen identity protection.

Identity protection is just as much about educating employees as it is about using the right IT tools and tactics.

For tools and tactics:

• Implement multifactor authentication for employees to access company applications, email or VPN. (According to Microsoft, accounts that use MFA are 99.9% less likely to be compromised.)

• Regularly update software and firmware to patch vulnerabilities.

• Use end-to-end data encryption to make it more difficult for bad actors to access data.

For employees:

• Require password updates every 90 days (and reject repeat passwords).

• Encourage employees not to reuse the same passwords they use on their personal accounts and devices.

• Provide clear and regular reminders of how employees can report suspicious emails or activity on their accounts.

5. Combat evolving ransomware tactics.

Advanced ransomware is an ongoing threat to businesses. To combat evolving ransomware tactics, businesses should perform regular security assessments to identify and address system vulnerabilities.

You can use tools such as penetration testing and vulnerability scans to discover system flaws. Of course, these tools often require outside software, so it’s important to research which tools are reputable and a good fit for your business.

And if you can’t beat them, join them (…then beat them). Just like bad actors are learning to use AI to their advantage, so can you. AI cybersecurity tools can help accelerate threat detection and mitigation, expedite response and triage security alerts.

6. Implement zero-trust architecture.

Zero-trust architecture (ZTA) is pretty well-named. It’s a network strategy that operates on the principle of “Never trust; always verify.”

It’s a granular security approach that focuses on enforcing security policies for connections within your network rather than enforcing the network perimeter. Even if a bad actor gains access to one part of your system, they are prevented from accessing and compromising the wider network.

(Even the federal government has moved to adopt zero-trust architecture. If every federal agency is going through the effort to implement ZTA, it’s probably a wise investment for your business).
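For IT teams, the per-connection check described above can be sketched as follows. This is an added example, not code from the article; the resource names, roles and request fields are constructed for illustration, and the device-compliance flag is assumed to come from a device management agent.

```python
from dataclasses import dataclass

# Constructed policy: which roles may reach which internal service (hypothetical names).
RESOURCE_ROLES = {
    "payroll-db": {"finance"},
    "build-server": {"engineering"},
    "wiki": {"finance", "engineering", "support"},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool
    device_compliant: bool  # assumed to be reported by a device management agent
    source_ip: str          # kept for logging; never used to grant access
    resource: str


def authorize(req: Request) -> tuple[bool, str]:
    """Evaluate each connection on its own and deny unless every check passes."""
    allowed_roles = RESOURCE_ROLES.get(req.resource)
    if allowed_roles is None:
        return False, "unknown resource"
    if not req.mfa_verified:
        return False, "MFA not verified"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.role not in allowed_roles:
        return False, "role not permitted for resource"
    return True, "allowed"


def reachable(user, role, mfa, compliant, source_ip):
    """List the resources one identity and device can actually reach."""
    return sorted(
        name for name in RESOURCE_ROLES
        if authorize(Request(user, role, mfa, compliant, source_ip, name))[0]
    )


if __name__ == "__main__":
    # A support account with every check passing reaches only the wiki.
    print(reachable("alice", "support", True, True, "10.0.0.5"))
    # The same internal address without MFA reaches nothing at all.
    print(reachable("alice", "support", False, True, "10.0.0.5"))
```

Being on an internal address grants nothing here: a stolen support session can reach only what the support role is allowed, which is the containment the section describes.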

Stay alert year-round.

Review your business’ cybersecurity protocols to make sure you’re set up for success. If necessary, revisit your governance plan to address how you respond to emerging cybersecurity threats.


Forbes Business Council is the foremost growth and networking organization for business owners and leaders.

