Check Point Software Technologies has highlighted the need for each and every individual to prioritize cybersecurity, in both their business and personal lives, in order to fend off the ever-increasing risk of cyberattacks.
For companies, cyber risks are increasing all the time. In fact, according to Check Point Research (CPR), attacks increased by 59 percent compared to last year. Here in India, an organization is being attacked on average 1742 times per week in the last 6 months, compared to 1167 attacks per organization globally.
A recent World Economic Forum report revealed that 95 percent of cybersecurity problems are caused by human error. The 2021 (ISC)² Cybersecurity Workforce Study showed that we are lacking almost three million cybersecurity professionals worldwide.
“Most cyberattacks occur because of human error so it is in their hands to improve cybersecurity, both at home and at work. This is an essential activity in which we all have a part to play,” said Sundar Balasubramanian, Managing Director, Check Point Software, India & SAARC. “The term ‘If you are not part of the solution, you are part of the problem’ fits perfectly when it comes to cybersecurity and users.”
In light of this, some organizations have started to implement cyber initiatives for their employees. For example, Santander, a multinational financial services company, recently launched an incentive scheme whereby employee responses to phishing attacks are considered as part of the overall company bonus policy.
Having staff that is well trained in cyber hygiene is one of the best foundations for good cybersecurity, and so, for Cybersecurity Awareness Month, Check Point Software provides some useful information to help companies identify attacks.
- Phishing: this is a technique that is often successful due to a lack of employee training. Often in the form of an email, it is when a cybercriminal will impersonate a colleague, company or institution to obtain personal data to then sell, use for identity theft, or to launch further cyberattacks. It’s important to be careful when receiving emails, particularly any that include an unusual request. You should check the sender’s address is legitimate, check for grammar errors and any misspelled words, and don’t click on any unfamiliar links or open attachments.
- Malware: this is malicious software that is designed to harm a device or network. In order for it to be successful, the victim has to install such software on their computer, which is usually done by clicking on a malicious link that automatically installs it but it can also enter through a file such as an image, document or video attachment. Again, it is crucial to be careful when receiving emails that contain links or files, and only download software from official stores.
- Ransomware: this is a type of malware attack that blocks access to systems unless a ransom is paid. For some time now, there has been double and even triple extortion ransomware, which is capable of blackmailing the victim’s customers too. Like malware, it usually enters a device through a link from a trusted company or a file downloaded to it. Therefore, it is very important not to download anything from an unknown user and utilize multi-factor authentication.
To avoid becoming a victim of phishing, malware, and ransomware, Check Point recommends:
- Enable two-factor authentication: sign into your accounts with both a password and one other method. It could be a question, biometric data or a one-time code sent to your device. This creates an extra layer of security that prevents an attacker from being able to access an account with just a password.
- Use strong passwords: using the same keyword for everything, or simple combinations such as “123456” or “password”, is making it too easy for cybercriminals. There are now a multitude of platforms that can generate strong, difficult-to-guess passwords with upper- and lower-case letters, numbers and symbols. Although we can also create them ourselves, it’s important to remember to use different combinations for each service.
- Learn how to recognize phishing: when an attacker sends a phishing email, there are usually some common identifiable traits such as misspellings or the fact that it asks for credentials to be entered. A company will never ask for a customer’s credentials on email. If in doubt, always go to the official page or platform of the company you want to access.
- Always keep software updated: it is always advisable to update to the latest version of a company’s software as this is the way that they correct security errors of previous versions.