Cyberattack: How to avoid a cyberattack
How do you see the present threat picture? How can we protect our company against data leaks? Who is responsible for security in the company? These are questions that this article answers.
In an increasingly digital world, where everything from company finances to democratic processes in general depend on secure and robust cloud solutions, the threat picture is becoming ever more daunting. Cyberattacks are more frequent, more devious and more damaging than before.
Who has forgotten the WannaCry and NotPetya ransomware that hit key social infrastructure around the world? Or the Twitter password bug that earlier this month exposed users’ passwords to the company’s employees? Such incidents illustrate the importance of data security to companies, and of protecting ourselves against such attacks.
“If you don’t have proper security systems in place, you are obviously much more vulnerable to cyberattack from outside. In today’s world, security is something all companies should take seriously”, says Ole Martin Refvik, Head of Security at Admincontrol.
Phishing, spying and client-side attacks
How do you see the present threat picture?
Refvik explains that the threat picture is constantly changing, making it difficult to know where the next big threat will come from.
“In general, it is clear that phishing and spying by government agencies have become more frequent in recent years. Other challenges are clientside security (data on mobile devices). Even though smartphones and tablets have simplified and streamlined communication, they have also increased security risks and data protection concerns.”
“Previously, attacks were often aimed at company networks by exploiting security holes in the operating system. The focus was on servers that store business-critical data, but now we are seeing more and more attacks targeting the client side and often with the aim of stealing data or as a stepping stone into the company.
“Two areas in particular present significant security challenges: The first is desktop applications, where suppliers have typically been lax in closing security holes. The second area is websites and web applications.”
Companies needs to be more alert
How can companies protect themselves against these attacks?
“I think people simply need to be a bit more on their guard. Everyone should adopt good password routines, ensure their systems are updated, log out from and lock digital devices when not in use, and use tried-and-tested security solutions. People should also be cautious about which new applications they download.”
Refvik points out that a huge amount of information is still shared through plain e-mail and file-sharing solutions.
What are the potential consequences of data loss for a company?
“Data loss and the loss of access can completely paralyse a company and damage its reputation, so we encourage everyone to store sensitive documents in a robust and secure cloud solution. It’s easy to imagine that ‘this won’t happen to me’, but you can simply never be 100% certain.”
Refvik points out that in Admincontrol’s iOS app, all data is encrypted and that the app also implements a secure shield.
This shield provides extra security that prevents external attacks. With Admincontrol , you can be sure that all your sensitive documents are safe.
Must take security seriously
Refvik states that security is a topic that should be on the agenda and discussed right up to board level in the organisation, in enterprises both large and small.
“You’ll get nowhere without the topic having a proper grounding at management level. Security is fundamentally a management responsibility, although management must also have access to security expertise. At Admincontrol, all employees are trained in everything from creating secure passwords to avoiding harmful e-mail attachments. It is crucial for this to become second nature”, he says.
“We all need to ride the digitalisation wave, but this must not be at the cost of security”, he continues.
In 2018, Admincontrol was ISO 27001:2013 certified after two years of intensive efforts.
“This demonstrates that we are working hard to deliver maximum security at every stage of our services. Your sensitive documents are safe with us”, says Refvik.
Refvik points out that, by taking certain precautions, you can reduce the chance of your company suffering a cyberattack.
Here are Refvik’s three tips for achieving good information security:
1. Management must take security seriously!
Stop thinking “this won’t happen to me”, because anyone can be hit by a cyberattack. Develop a security culture and systems for protecting the company against future attacks. Security is a topic that needs to be moved up the agenda and right up to the company’s top echelon.
2. Adopt user-friendly and tried-and-tested security solutions!
If you choose sharing platforms that give security the highest priority, you will have full control over all your sensitive data. You will control who can access the different documents, and can also receive reports showing who has been in to read them.
3. Train your employees!
All employees should receive training in everything from creating secure passwords to knowing which documents can be safely opened and which should not be. It is crucial for security to become second nature to EVERYONE in the company.