Alexey Kuzovkin: How to reduce risks for your Business
Kuzovkin Alexey is the general director of “Infosoft” company, ex-chairman of the board of directors in the group of companies “Armada”. Alexey Kuzovkin is highly experienced in managing innovative and IT projects.
Nowadays cybersecurity is one of important aspects of business management. Cyberthreats can do a serious damage to company, causing a leak of confidential information, loss of data, becoming a reason for penalty duties for law violation and other negative consequences. In order to reduce cyber risks for business, it’s necessary to take the necessary actions to protect data and systems of information.
What aims do the cybercriminals have
Cybercriminals may have various purposes and scopes. The most wide-spread are the following ones:
- Financial purposes. All the effort is put to receive financial reward by stealing financial data, installing a malicious software for hacking bank accounts or implementing attacks on payment systems.
- Obreption. Some cybercriminals can try to extort money by blocking data access or menacing with its publication.
- Political and geopolitical reasons. Hackers can interfere in elections, collect confidential data about opponents or receive access to important state information.
- Spying. It involves collecting data about competitors, intellectual property and technologies.
- Fun. Some can attack just to have fun or demonstrate their expertise in cybersecurity.
- Revenge. Sometimes cybercriminals attack companies in order to express their discontent caused by various reasons, for example, by firing or a conflict with employer.
Can passwords protect?
Passwords are one of the most used and simple methods of protection. However, they don’t always work on one hundred percent. Moreover, a lot of people use uncomplicated passwords, such as „123456” or the date of birth that can be easily guessed by hackers.
There are also other risks for security that cannot be prevented by passwords, for example, engineering, when criminals fool users in order to get access to their accounts, or usage of a malicious software.
However, passwords can still be useful to protect information if they are used correctly. In order to increase their level of security, we recommend to install complicated passwords consisting of letters, numerals and symbols.
It is also possible to use two-factor authentication (2FA), as it adds a supplementary level of protection, requiring a login confirmation on another device or application.
That means that passwords can provide some kind of protection, but they mustn’t be the only method used. Data security must be guaranteed in various ways, such as encrypting, risk monitoring, automated update of security systems and teaching employees to prevent attacks.
Business Email Compromise is a form of cyberattack when criminals use fake email or pick up real emails in order to make the victim to carry out a financial transaction or reveal confidential information.
Cybercriminals pretend to be company’s authorities or other high ranking official and, on their behalf, request employees to provide important documents, financial data or payments on fake bank accounts. They can use methods of social engineering, such as fishing attacks, to get access to the victim’s email and messages.
BEC attacks can do serious damage to business, including loss of money, confidential data, degradation of company’s reputation and law problems.
In order to protect yourself from BEC attacks, it’s necessary to use appropriate methods, such as teaching employees to follow security rules, two-factor authentication, unusual transactions monitoring, checking and confirming requests for financial deals, as well as installing antivirus and antispam software.
Security and cyber hygiene
These are two closely connected concepts that are extremely important in terms of protecting computer systems and data from cyberattacks and other menaces.
Security includes methods of protection from unauthorized access, maintenance of data confidentiality and safety, prevention of cyberattacks and other menaces. In order to make computer systems safe, it’s necessary to use authentication, authorization, data encryption, monitoring, software updates and installation of antiviruses.
Cyber hygiene includes rules and methods of using computer systems and data that help to prevent cyber risks. It consists of teaching users to follow security rules, such as setting complicated passwords, denying public Wi-Fi, ignoring suspicious emails.
Network and equipment
Network is what connects various computers and other devices inside an organization in order to exchange information and resources. Equipment includes all physical components that are necessary for computer systems to function, such as computers, servers, routers, commutators, modulators etc.
In order to make network and equipment secure, the following is necessary:
- Use network equipment that meet all the security requirements, such as firewalls, virtual private networks (VPNs), routers with NAT, IDS/IPS;
- Provide safety of network connections by using encrypting protocols, such as SSL/TLS, SSH, IPsec;
- Use correct settings and update software of network equipment which allows to exclude security weaknesses and other menaces;
- Use authentication and authorization on network devices and computers in order to prevent unauthorized access.
To decrease cyber risks for business, it’s necessary to realize a complex approach that includes methods of information security maintenance, teaching employees, monitoring and reacting on incidents, as well as regular audits and testing systems for weaknesses.
To do so, it’s necessary to install modern antivirus software and firewalls, set complicated passwords, carry out regular updates and data back-ups, as well as to monitor and analyze system logs.