Page 138 - Cyber Defense eMagazine January 2023
P. 138
The Biggest Threats to the Smallest Companies: The More You Know
While being mobile (and untethered) presents many benefits, SMBs still need to be aware, alert
and keep their defenses up.
• Think before you click. (Phishing and mobile devices). Did you know that in 2021, 83%
of organizations experienced a successful email-based phishing attack compared to 46%
the year before? Attackers will take advantage of any opportunity to make their phishing
attacks more successful. The design of apps on mobile devices can, unintentionally, make
phishing harder to detect, helping attackers to get past people’s normal defenses. Help your
employees prepare by not clicking a bad link, providing credentials, or executing a wire
transfer.
• Just say no (To Apps and Access). The number of apps, especially web-based ones,
continues to grow. Malware remains a major problem, but even everyday apps can be a
threat. Giving applications access to the camera, microphone, photos, location data, and
other data and device functions can be a significant security risk. Users should be careful
about applications requesting permissions that they don’t need.
• Beware of Weird Campaigns (Malware). The 2022 Verizon Data Breach Investigations
Report found that over 30% of breach cases involved some form of malware. Attackers
design phishing campaigns specifically targeting mobile devices, and they build malware
specifically for mobile devices too.
• Ransomware. The remote environment is primed for ransomware. As organizations
continue to support remote or hybrid work, they no longer have the visibility and control
they once had inside their perimeter. In fact, according to a recent State of Small Business
Report, a majority of small and midsize business decision makers consider viruses (55%)
and malware and ransomware (54%), the most concerning and at risk compared to
previous years. Having unmanaged and personal devices on networks outside the
traditional perimeter greatly reduces the visibility and control that security teams have.
• Devices and things. With more devices, the danger of lost or missing devices grows. But
it’s not just the quantity of devices that’s growing, the variety is growing too. Today there
are smartphones, laptops, tablets, hybrids, wearables, and a seemingly endless range of
connected devices that employees are using.
• Networks and cloud. Insecure networks remain a serious threat to mobile device security.
Attackers can intercept traffic through man-in-the middle (MitM) attacks or lure employees
into using rogue Wi-Fi hotspots or access points.
10 Simple Ways to Prioritize Data Security in a Complicated World
With mobile use essential to staying relevant to consumers, it’s a good time for companies of all
sizes, especially SMBs, to double down on their cybersecurity policies.
Data security doesn’t need to be complicated. Here are 10 simple ways they can better protect
their data and key systems:
1. Ensure that employees understand the importance of keeping operating systems and apps up to
date on all devices.
2. Prioritize cybersecurity awareness training so that employees know what to look for. (Training
should include real-world attack simulations to mimic everyday scams.)
3. Deploy anti-malware functionality to all devices.
4. Consider restricting employee access on resources and devices not controlled by the company.
Cyber Defense eMagazine – January 2023 Edition 138
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
