By Melissa S. Doolan, Esq.
In 2021, the average number of cyber security attacks increased by over 15%.[1] LinkedIn was source of the largest data breach in 2021 when over 700 million files were stolen. An increase in cyber related attacks should have everyone reviewing their cybersecurity plan.
Before we talk about developing a plan, this article will discuss the basic form of cyberattacks. We have heard the terms malware, viruses, ransomware and phishing. What do these terms mean and how do they held you develop a cybersecurity plan?
Malware is a broad category of harmful software. A virus is a type of malware. Once the virus is on a computer, like a human virus spread from person to person, the computer virus spreads to other computers. The most recent large scale virus attack was the WannaCry from 2017. It infected over 200,000 computers and costs billions in damages before it was stopped.
Ransomware is malicious software that blocks access to a computer or certain files used to extort money in exchange for releasing the block on the computer or files. You may recall when majority oil refinery company on the East Coast paid $4.4 million or when a large meat packing company paid over $11 million for the release of their files.
Phishing is an attempt to obtain information that the user would not normally provide if the user knew that the information would be used for an improper purpose. For example, you may receive an email that says your bank account is locked until you answer a security question. You may have allowed a user into your system when you click on that link and answer the question. The user cast a net to see what the user could catch, hence the term phishing.
Now that we have a basic understanding of the cyber threats, then next step is to develop a plan for prevention of those threats. The number one cause of cyberattacks is human error. Human error can occur by having an easy to guess passwords, clicking on a link, using public Wi-Fi and downloading something onto your computer from an unknown source.
Easy to guess passwords are the number one way an unauthorized user accesses the system. According to one cyber security expert, your password should contain a minimum of 16 characters with a mix of uppercase letters, lowercase letters, numbers and special characters. You should have two factor authentication in place, wherever possible.
Before you click on that link, hover over the link to see if the link has an identifiable URL. If the URL is random letters or not the website for the legitimate business, do not click on the link. Take the few minutes to call the send of the email to verify the person sent the email and the link is safe.
Most public Wi-Fi is not a secure connection, meaning anyone can access your computer or phone once you connect. Add a VPN (virtual protective network) prior to accessing public Wi-Fi. A VPN works by spoofing the address of your computer to make it appear that it is coming from a different location. There are many VPN providers out there you can download from your favorite app store.
Finally, make sure your computer has up to date antivirus software and that you scan your computer regularly.
The best protection against a cyber attack is a good defense. Complex passwords, not clicking on links before identifying the security of the link, not downloading information from unknown sources and up to date anti-virus software are keys to a good defense to protect your company from a data breach.
The information provided herein is for reference purposes only, is general in nature, and is not intended as legal advice. For specific questions or legal issues regarding your association, please contact us at 480-219-3633.
[1] Alarming Cyber Statistics for Mid-Yar 2022 That you Need to Know by Chuck Brooks published in Forbes on June 3, 2022. https://www.forbes.com