4 ways to fend off cybersecurity threats

Man working on laptop buffalo plaid shirt glasses
Adobe Stock

Hacked email accounts, bank scams, identity theft — nothing makes us feel more vulnerable than when our online security has been compromised. While no one can be 100% protected from cyber attacks, there are ways to avoid becoming a victim

2023 was a record year for data theft in the U.S, with more than 350 million people affected, according to the Identity Theft Research Center. The FBI reported incidents of cyber crime were also up, leading to a potential $12.5 billion in individual losses. Businesses are victims, too: Statista found that almost 70% of organizations experienced ransomware attacks between 2022-2023, costing companies millions. As cyber crimes become more sophisticated, both employees and employers need to make an extra effort to keep their information safe, and it starts with their inbox. 

"Be suspicious of every single email and report anything that looks suspect," says Brian Vecci, field CTO at data security company Varonis. "The tools for attackers these days are much easier and more powerful than they've ever been. All it takes is you to click on one thing, and your device or account can then be taken over."

Read more:  Why employers should add child disability insurance to their benefits suite

Protecting passwords should also be a top priority on both work and personal devices, says Vecci. Over 80% of data breaches were connected to stolen, reused, or weak passwords, according to LastPass. By just avoiding email links and keeping passwords safe, people are ahead of the curve when it comes to cybersecurity, he says. 

Here are four specific ways individuals and organizations can guard against cyber attacks, according to Vecci.

Spot email red flags

Even if an email looks legit, there are telltale signs that it is a scam, Vecci says. Especially with advanced technology like ChatGPT, emails can be targeted, and therefore more dangerous. When in doubt, delete it. 

"Ask, do I know who this sender is, does this email have a link and what is the actual URL address," he says. "[For example,] you see an email saying you need to reset your Apple password, and the address will say 'apple password dot rdu.'  It doesn't really look like apple.com. These are really small things, but everything should be treated as suspicious." 

Read more:  Could AI trigger a white collar recession?

Practice good ‘security hygiene’

When you use a variation of the same password or a small handful of different passwords for all of your accounts, you're automatically at a higher risk for attack, says Vecci. When one of those accounts gets breached, any other account that uses that version of the password can be compromised. Vecci recommends using a password for work that is not used anywhere else, and the use of a password manager program that can keep track of long, complex passwords for all accounts, versus any kind of written record.   

"We help companies protect their data and catch hackers and protect against these kinds of threats, and when we go and look at everything, we invariably find tens of thousands of spreadsheets that have logins and passwords and other credentials that an attacker could use," he says. "People keep them and they think they're being secure." 

Automate protection

Businesses can also utilize automated monitoring technology as a proactive approach to protecting their employees and their information — especially as IT departments are often busy and understaffed, Vecci says. Though more complex in its implementation, the additional level of protection is essential. 

"You need really effective, intelligent monitoring so that you know what [employees] normally access," he says. "Who do they work with, and what kind of data do they look at? Because if someone clicks on an email and suddenly his account is accessing data that he's never looked at before, and maybe it's at a weird time of day and a strange location, suddenly those are massive red flags that would allow the very stretched-thin security team to know exactly where to look."

Read more:  AI is closing the generation gap in the workplace

Limit who has access to information

Employees should be mindful of what company data they are inputting into AI platforms, shared documents and emails, and companies should limit who has access to sensitive or private information, says Vecci. 

"We've done studies with all of the information we've collected, and on average, about 40% of the data in a given company is open to literally every single employee," Vecci says. "No matter how well trained your employee base is, one small mistake by one user will open up the data in the company to whoever has control of that user or that device, which is why these ransomware attacks got so damaging for so long. Making sure that data is not available to those who don't need to have access to it, especially highly sensitive data like employee records or customer information or credit card data or healthcare information, is really important."
MORE FROM EMPLOYEE BENEFIT NEWS