Keeping your network safe from intrusion isn’t just about protecting against data breaches or growing threats like ransomware that can disrupt your business.
Today’s firms have a wide range of digital touchpoints and this offers many different opportunities for harm should someone gain unauthorised access. This can include the direct theft of money or data, cyber vandalism, disruption to operations or reputational damage.
With so many endpoints, it’s vital to have the right tools to cover the entire network. If you do have any gaps, hackers will quickly exploit them to do damage.
Websites need greater protection
Your website is your brand’s digital shop window, but as one of the most visible parts of your business, it’s also a top target for hackers. For example, tactics such as SQL injections and cross-site scripting can take advantage of vulnerabilities to gain access to databases to extract data, or plant malware that can steal data from visitors.
This can have serious consequences. For example, booking company Ticketmaster was recently fined £1.25 million by the Information Commissioner’s Office (ICO) for failing to prevent an attack on its online payment page that enabled hackers to steal the financial details of millions of customers. Tens of thousands of fraud cases were reported as a result.
Even if you’re not accepting payments or other information via your website, attacks on these resources can be very harmful to your reputation. In the recent US election, for instance, the website of Donald Trump’s campaign was defaced by cryptocurrency scammers.
While the actual damage may have been limited, this type of attack is always embarrassing and can raise questions about the security of your organisation as a whole.
Videoconferencing tools offer new opportunities
One of the big winners of 2020 has been video conferencing services. As we’ve all had to adjust to working from home more often, these tools have provided a vital lifeline for many. These tools aren’t just used to keep in touch with colleagues, but also maintain connections with customers and other users that may otherwise have been lost.
However, if you’re not careful about the security of these, it can be costly. There have been multiple incidents reported of people gaining unauthorised access to private meetings on the likes of Zoom.
Sometimes this can be accidental or due to carelessness. In one incident recently, a journalist was able to gain access to a private meeting of EU defence ministers, after one of the participants accidentally tweeted an image containing partial login details for the meeting.
In that case, the intruder made himself known quickly, but more malicious actors could easily lurk unnoticed to eavesdrop on conversations – especially meetings with many participants. It also goes to show how human error is still a major factor in many network security incidents.
Don’t overlook social media
As well as your website, social media is another key means of communicating with customers for almost every firm, and it’s another potential channel for hackers to do damage. However, this is also an area that can be abused by people within a business.
For instance, this is what happened to a London gym recently, which unexpectedly started tweeting a string of angry, profanity-laced messages at customers. This was initially blamed on a hack, before it was revealed to be down to a “disgruntled employee” with access to the account.
Tools such as access management, two-factor authentication and effective monitoring solutions that can flag up unusual access or activity quickly are all useful in reducing the risk of this kind of incident.
Pay attention to new network additions
Finally, it’s important to remember that cyber and network security covers many more endpoints than in the past. Devices such as payment terminals, interactive display screens and smart Internet of Things devices can all give hackers access to a network.
As more firms have added new and untested services in 2020 in response to a swiftly-changing environment, this can present new opportunities for hackers to take advantage of implementations or new third-party tools that may not have been fully scrutinised.
In October, for example, it was reported that criminals had managed to compromise a remote payments service being used by schools to take cashless payments for things like meals and exam fees. They did this by accessing a payments page, enabling them to steal credit and debit card information in real time as it was being entered into the system.
This is the same type of attack that affected British Airways in 2018, which resulted in around 400,000 people having financial details stolen. The airline is currently facing a fine of £183 million from the ICO in response to this, though the final figure has yet to be confirmed.
No company should consider itself beneath the attention of hackers, which is why it’s essential for every firm to have a comprehensive, well-integrated network security solution that can protect all parts of the business.
Click here to see the 5 key elements every cyber security plan needs.