Cybersecurity remains one of the most important – and most difficult – challenges any business faces. Externally, threat actors keep pushing the digital envelope of attacks, seeking to gain unauthorized access to sensitive information. Internally, business owners, IT teams, and employees struggle to keep pace with new attack methods and vectors.
The attack landscape might seem overwhelming, but don’t worry! Celebrating Cybersecurity Awareness Month every October is a reminder that everyone plays an important role in protecting data. In the spirit of 2024’s theme “Secure Our World,” there are seven things that every employee should know about cybersecurity.
1. What the latest attack methods are.
Attackers employ sophisticated methods that exploit weaknesses across people, processes, and technologies – and these methods are constantly evolving. Here are some of the latest attack methods bad actors are using:
Phishing.
Phishing attacks remain a consistent threat. Malicious actors often incorporate them to collect credentials used for initial access, with research noting that a 71% increase in attacks leveraging valid credentials was often tied to phishing. In a phishing attack, the cybercriminals craft convincing messages that appeal to a person’s emotions and suggest urgency, tricking the recipient into taking action against their best interests like:
- Downloading a malicious file that installs malware on the device
- Clicking a malicious link that asks for credentials
Pharming.
Pharming attacks redirect users from legitimate websites to fraudulent ones without their knowledge. Thinking these are legitimate sites, the victims provide sensitive information, like personally identifiable information (PII) or credentials. Often, malicious actors use DNS poisoning to execute these attacks, meaning they corrupt the Domain Name System (DNS) records.
Ransomware.
Ransomware continues to cost businesses both financially and reputationally. Over the past few years, double exploitation ransomware attacks have become common. They increase the likelihood that the business will pay the demanded ransom by:
- Encrypting data so the business can’t use it
- Threatening to release stolen data on the dark web
Many ransomware attacks start with social engineering tactics, like phishing attacks, underscoring the importance of proactively mitigating these risks.
2. What is social engineering and its impacts?
Social engineering is when malicious actors manipulate people into making mistakes. Typically, these tactics exploit people’s emotions, like empathy, anxiety, or fear. Once the victim’s emotions are elevated, the attacker adds a sense of urgency so that the target has less time to think about the impact of their decision.
Common types of social engineering tactics include:
- Smishing (SMS phishing): sending text messages claiming that the person needs to take immediate action that involves clicking on a malicious link, like pretending to be the IT department asking the user to verify an account
- Watering hole attacks: infiltrating websites that the target demographic uses and then using the scarcity principle to manipulate them, like suggesting a limited-time offer or offering exclusive content to provoke a quick decision
- Honey traps: enticing victims through romantic or social connections, preying on emotional vulnerabilities, and creating a compelling narrative that leads to compromised data
These methods can lead to data breaches, significant financial losses, and more, so it’s important to make sure that all employees within your organization are trained to recognize and report social engineering attempts.
3. How to handle sensitive data.
Sensitive data that attackers access can be used to commit financial fraud, carry out identity theft attacks, and more. To protect sensitive data, organizations should have established policies that outline employees’ responsibilities. While many organizations provide employees with corporate devices, research notes that 50% of adults worldwide use employer-issued devices for personal activities.
Creating a defense-in-depth strategy for handling sensitive data should include the following best practices:
- Creating secure storage processes, like setting strong password policies and encrypting data-at-rest
- Enforcing role-based access controls (RBAC) that limit user access to resources based on what they need to complete their job duties
- Implementing virtual private networks (VPNs) that restrict access to networks and encrypt data-in-transit
- Preventing users from storing sensitive customer or company data on personal devices
- Engaging in regular data backups
- Implementing and enforcing appropriate use policies for company-owned devices
4. How to create strong passwords.
With people remotely accessing cloud resources, password hygiene becomes an important protective layer. According to the National Institute of Standards and Technology (NIST) draft guidelines released in August 2024, best practices for passphrase creation include:
- Making passphrases as long as possible within reason
- Making passphrases meaningful to the user
- Using space characters when creating passphrases
- Restricting people from using common passwords, like dictionary words or passwords from previous breaches
5. Ways to secure devices.
The modern workforce relies on portable devices, like smartphones, tablets, and laptops. With access to critical resources and sensitive data, these devices are prime targets for attackers. Since people take these devices wherever they go, organizations need to implement digital and physical security controls for them.
Digital security.
Digital security best practices mitigate cybersecurity risks arising from unauthorized remote access to data and include:
- Installing anti-virus/malware on devices
- Installing security updates as quickly as possible
- Encrypting data stored on devices
- Backing up data regularly
- Preventing users from installing applications beyond those approved by IT
- Setting allow lists for resources that the devices can access
- Setting block lists to prevent users from accessing risky types of websites, like those used for gaming or gambling
Physical security.
Physical security best practices mitigate risks arising from device theft or loss and include:
- Requiring passcode or biometrics to access the device
- Setting time-outs that lock screens and access after a defined period of inactivity
- Implementing policies and timelines for reporting lost or stolen devices
- Remotely wiping devices after they have been reported lost or stolen
6. Your organization’s cybersecurity policies.
The organization’s cybersecurity policies are directly linked to the practices that employees should follow. To ensure everyone understands their responsibilities, employees should review and acknowledge these policies at the following times:
- During onboarding
- At least once per year
- When changes are made to policies
Every company has a different IT environment, risk tolerance, and compliance landscape, so companies often have differing policies. For example, organizations that give employees corporate devices have more control over how people use them than ones that allow workforce members to use personal devices.
Some examples of policies that employees should review and understand include:
- Appropriate use policy: resources they can and cannot use corporate devices to access
- Password requirements: rules for password strength, including character length and types
- Clean desk policy: how to store sensitive information out of sight, including locking screens and logging out of devices at the end of the day
- Bring Your Own Device (BYOD): devices and activities permitted when using personal devices for work
7. How to spot suspicious activities.
Despite everyone’s best efforts, attacks can happen. The faster the organization identifies an issue, the less damage the incident can cause. While the company’s security department handles the daily logging and monitoring activities, workforce members should also be able to identify issues on their own devices that can indicate a security incident or malware, including:
- New apps: The sudden appearance of unexpected applications can possibly indicate a malicious program or unauthorized software.
- Pop-ups: Unexpected pop-up messages when browsing could indicate adware or phishing attempts, especially if they urge someone to download software or take immediate action.
- Slowdown in device performance: A noticeable decrease in performance, such as lagging or freezing, may suggest that your device is compromised.
- New extensions or browser tabs: New browser extensions or unfamiliar tabs potentially indicate a cybercriminal gained access to browsing habits and preferences.
- Loss of control over input devices: Unexplained mouse movements or keyboard inputs potentially indicate a cybercriminal has remote access to the device.
- Frequent security alerts: Unexpected alerts from antivirus software may indicate a potential security breach or malware attack.
- Changes to settings: Unexpected and unauthorized changes to device settings could indicate remote access to the device or malware running on it.
Vercara: Securing your digital infrastructure.
Vercara’s suite of solutions provides security across your digital infrastructure. Beginning at the foundation, our UltraDDR is a proactive, protective DNS solution that helps you harden your network and mitigate remote work risks.
With Vercara, you can automatically detect and block risky connections or new threat actors as soon as they appear, whether they’re part of a social engineering, phishing, or supply chain attack. Our lists and categories engines enable you to enforce your acceptable use policies, enhancing security in the event users make mistakes or attempt to circumvent rules.
Layering UltraAPI on top of your DNS security enables you to track and block threats at this attack vector. With our solution, you can discover APIs, implement security controls for compliance, and detect and prevent bot and other attacks.
To get our weekly report on cybersecurity news, please subscribe to receive our OSINT report.
