Tag: NordVPN

Cybersecurity Checklist for 2021

7 cybersecurity tips to start the year off right

By Juta Gurinaviciute, Chief Technology Officer, NordVPN Teams

A study by PwC shows that 50% of business leaders plan to integrate cybersecurity and privacy into every business decision they make in 2021. With the lessons already learned from remote working during the pandemic and the growing reliance on digital tools, cyber resilience is a key goal every industry will pursue this year.

However, a study by Ponemon found that 82% of cybersecurity expenditures go toward post-hoc measures, such as detection, containment, and recovery. Only 18% of budgets, a fourth of the previous sum, are invested in cyber-attack prevention, and few companies take the precautions needed. On the other hand, budget figures may not be the most important factor: a company’s digital resilience depends on its security culture, and some provisions cost virtually nothing.

To have a flying start this year, enterprises should check the grey zones that are often neglected or forgotten. Consider, for example, obsolete devices, vulnerable software, or outdated security policies: all of those can be leveraged by criminals and used in potential data breaches.

7 cybersecurity checkboxes to tick in 2021

1. Check your employees’ knowledge. Human error accounts for 88% of data breaches, and even if employees are aware of the precautions they should take, they are not always willing to take them. Cyber resilience is no longer only in the hands of IT and security professionals: increasing remote workloads and reliance on digital tools make cybersecurity everyone’s concern. CISOs should come up with alternative training methods: cybersecurity check-ups should be entertaining, rewarding, and inclusive.

2. “Check Your Password” day. One in four workers admit they use the same password for every account. IT security officers should strongly discourage this.

Regular prompts to change passwords are not always taken seriously by employees, and these prompts can pose an additional risk to a company’s cyber protection. However, if the same password is used across platforms and websites, your company’s security could be seriously compromised. Ask your employees to think of new and separate passwords for work, or consider switching to password manager apps or biometric authentication.

3. Do a spring cleaning. Most Android devices are supported for just three years, and while some devices might receive security updates for longer, unused or neglected computers, phones, and user accounts are vulnerable to attack. Consider all the tools your employees use and have access to. For example, employees may have accounts on platforms they have never accessed. Deleting unnecessary accounts reduces the surface area for cyber criminals to attack. Organizations should make a list of such redundant accounts and outdated infrastructure and get rid of them.

4. Test your backups. In 2020, the average damage done by ransomware was $1.45 million, whereas ransom demands totaled $1.4 billion. The usual way to mitigate this risk is to regularly back up an organization’s data. However, when the day comes, some enterprises find their backups are inaccessible. It is wise to constantly test backups and verify that everything is in order. Don’t forget to keep offline copies on devices that are physically disconnected from the internet, as hackers look for network-attached storage devices.

5. Review your policies. A survey by the Cyber Readiness Institute has shown that only 40% of small enterprises have implemented a cybersecurity policy – and small and medium businesses (SMBs) make up over 99% of the market. Some companies review their cybersecurity regulations to comply with official requirements, such as the GDPR, but each industry has its own legislation concerning data breaches and safety. Apply the lessons from the pandemic year, check the cybersecurity trends, and review your policies to stay resilient in 2021.

6. Look out for upgrades. Nearly half of organizations (45%) have adopted a new technology or contracted a new vendor to enable remote work due to COVID-19. However, extreme events shouldn’t be the only impetus for modernization. Businesses should evaluate their current infrastructure and software and keep an eye out for the most up-to-date cyber resilience tools on the market. Those include, but are not limited to, cloud services, various software-as-a-service (SaaS) solutions, and Zero Trust Network Access (ZTNA) technologies.

7. Patch up. According to Gartner, 99% of the vulnerabilities exploited by the end of 2020 were known to security and IT professionals at the time of the incident. Cybercriminals constantly look for the weak spots in popular software, and security teams do not always manage to keep up with the 12,174 new vulnerabilities popping up every year. Enterprises shouldn’t be discouraged, however: the first step is to make sure employees work with the most up-to-date software. If they’re reluctant to update, encourage them with a day off, as a heavy workload is the usual excuse given for keeping software out of date.

Resilience to digital threats lies not only in the most advanced security technologies, but also in the cybersecurity culture of a company. Cybersecurity depends on the examples set by senior executives, security policies in place, and security awareness of every employee. Efforts to stay protected shouldn’t be limited to occasional check-ups: perform them several times per year and integrate cyber and privacy matters into every business decision to make security everyone’s interest.

Bio

Juta Gurinaviciute is an IT professional with over 20 years of experience in cybersecurity and systems engineering. Currently, she is Chief Technology Officer at NordVPN Teams. Prior to NordVPN Teams she held senior UNIX System Administration positions at Telia Company and Barclays. Juta is also a certified RedHat Systems Engineer.

Small and Medium Businesses Are More Vulnerable to Cyberattacks

Tips for Small Businesses on How to Enhance Cybersecurity

By Daniel Markuson, Digital Privacy Expert, NordVPN

According to a study conducted by the Ponemon Institute, only 28% of small and medium businesses mitigate cyber threats, vulnerabilities and attacks effectively. The study revealed that nearly half of the companies have no understanding of how to protect their data, finances, employees and customers against cyberattacks.

However, small businesses may often be even more attractive targets for hackers than larger enterprises. Here are some of the reasons:

  1. The owners of valuable data. Contrary to what most small companies may think, they do have data that is useful to hackers. It can be anything from financial information that can be used for fraud to personal details valuable for identity theft.
  2. The path to other companies. Often hackers target small companies for easy access into larger enterprises. It can also be a path into the data of many other small businesses.
  3. Easy to hack. Small businesses often lack adequate cyber-defenses, so they are frequently much easier to hack compared to larger enterprises. There are usually no security personnel and technology in place, so it’s also more challenging to detect an attack when it occurs. Effective handling of cyber threats is impossible without a strategy and strict policies applied to all employees.
  4. More difficult recovery. Every small business has computer-based data it needs to operate. Unfortunately, few can recover from an attack independently, and a cyberattack might be the end of the road, especially for a small business. Therefore, small business owners are more likely to pay ransoms.

Ransomware and spear-phishing attacks are the most common cybercrime tactics used against small businesses. The first one blocks access to a computer or mobile phone until the attackers receive a ransom payment. The second one is an email-spoofing attack seeking unauthorized access to valuable information. There are hundreds of different ways to harm any enterprise, its employees or customers. Some of the most common methods don’t even require advanced technological knowledge. For example, social engineering schemes are easy to launch and effective.

Simple tips for small business owners to boost cybersecurity

Do regular backups. Regular backup of your data in a secure location – offsite and offline – is essential. It helps protect you from a ransomware attack. For small businesses with less sensitive data, even external hard drives might be enough. For greater peace of mind, consider special paid backup security services (don’t trust free ones).

Secure all your smart devices. Cybersecurity is not limited to your smartphone, tablet or computer. These days, even printers and TVs are connected to the internet, so make sure these are secure as well. If the password and even username are insecure, change them. Additionally, restrict admin privileges to your networks and accounts. Each team member must have their own credentials with an assigned role. This way you will always know who made a mistake.

Secure all your data. Encrypting your data makes it more difficult to exploit or hijack. A reliable and reputable VPN service provider, like NordVPN, SurfShark or ProtonVPN, can encrypt the online traffic of all your employees. This ensures that your data is safe when they need to access it. Many small business owners and employees work at office hubs or at home, so their data gets sent through unsecured channels. A reliable VPN can fix this problem. Of course, don’t forget that you need an antivirus and a strong firewall.

Educate your team members. It is essential to cultivate a security mindset in every employee. Keep your team members informed about the dangers of downloading attachments or clicking on links from unknown sources. Make sure to educate them about social engineering tactics, the latest hacks and phishing attacks. You can use an online cybersecurity test to understand how much your employees know about digital security.

Always update your devices. Don’t forget to update your computers, tablets, smartphones and other devices regularly. Do the same for software. New updates fix security vulnerabilities and system bugs that could cause insecure situations. Make sure to update your firewalls and antivirus.

Create a strong password. Use unique passwords for different accounts or devices. Make sure to create strong passwords and change them every three months. It’s also crucial for your company to have a strict password policy and ensure that all employees comply with it. Additionally, share some tips with your colleagues on how to create strong and reliable passwords.

An average data breach costs $3.92 million, and that’s a heavy burden on small and medium enterprises. Leaks drive away clients, plus companies end up paying millions in fines and compensation. Even though cyberattacks often target SMEs, the media focuses only on the big hacking scandals. That’s why small company owners tend to think only of major corporations with vast amounts of valuable data as the primary targets. Consequently, SMEs often do not take the most basic steps to protect their digital resources. It’s time to understand that your business’s security is in your own hands.

Bio

Daniel Markuson is a Digital Privacy Expert and Internet security enthusiast at NordVPN. Daniel is generous with spreading news, stories and tips on how to stay secure in the fast-changing digital world.