Three Cybersecurity Steps Every IT Department Should Take in 2020

0
1320

Cybersecurity threats never stop evolving and adapting to our best efforts to thwart them. That’s good for job security, but it can cause IT support companies some sleepless nights. Here are three ways your company can stay ahead of the cybersecurity curve in 2020 (Hint: this year, it’s less about your system’s hardware than your employees’ wetware).

  1. Guard Against BEC Phishing

The weakest link in your security infrastructure isn’t your server or your firewall. It’s Dave. Or Becky. Your IT infrastructure might be well secured in its own right, but a company’s employees can inadvertently give bad actors the credentials they need to enter the system and cause havoc. And more often than not, they do so through seemingly innocent emails.

Business email compromise (BEC) scams often work slowly, gathering one or two bits of personal information at a time until hackers have gathered enough information to impersonate an employee throughout the system. For example, employees might receive an email, apparently sent by HR, asking them to verify their mailing addresses. 

Hackers gather this information and use it to perpetuate another scam, this time asking for more sensitive information, like social security numbers or banking information. When these sorts of red-flag requests are accompanied by personal information gathered in previous rounds of the scam, they’re likelier to be honored. The process continues until hackers have all the information they need to impersonate employees and traverse your systems.

Some BEC messages are mundane requests from HR; others might appear as urgent demands from C-level executives. Whatever approach they take, BEC phishing scams are increasingly common, and should have a significant place on your 2020 training curriculum.

  1. Talk About File Sharing

Phishing isn’t the only way that employees compromise IT security. Most of us use unsecured platforms to share personal files with family and friends, and many of us rely on cloud storage to back up our personal data. When those habits spill into the workplace, it represents a huge security risk. 

This isn’t a theoretical concern. Nearly a third of respondents to a recent Code42 survey admitted that they use social media to collaborate and share business-related files with colleagues. 

The dangers of this approach are obvious when we look at file sharing from a security perspective. And that’s the heart of the problem: employees tend to believe that their personal files are well enough secured at home, and to apply that same sense of confidence to work files. 

It’s up to you to correct that presumption. Explaining why your company’s own sharing tools are the only appropriate ones is all most employees need to draw the line appropriately.

  1. Implement a Formal IoT Policy

In 2020, the Internet of Things, or IoT, will enter the mainstream: Gartner expects a 21% increase in the deployment of IoT devices used in enterprise and automotive environments. Even if your company isn’t heavily invested in the IoT, this is the time to develop policies and procedures specifically for those devices.

At a minimum, your IoT policy should include an inventory system that identifies your IoT devices and describes what they share and with whom. This inventory will also help you secure each IoT device before it is deployed, and to keep up with patches and updates. 

2021 will bring its own cybersecurity threats. For now, these three steps will help you anticipate 2020’s biggest risks and guard against them.