Every day, the cutting edge of technology gets closer to what was envisioned by sci-fi movies years ago.
The internet is getting faster, virtual reality is becoming more realistic, and AI gets more impressive by the day.
Despite all that, the most common password worldwide in 2019 was still “123456”. Followed, in close second, by its much more secure cousin: “123456789”.
It is clear that there is a dichotomy between the cutting edge and the average user. And that dichotomy is usually at the core of many of the cybersecurity problems that plague businesses today. Before you read on, if you still don’t have a proper IT department, you should visit this site.
The current situation
How important is the data contained in your company notebook, and how secure is said notebook? There should be a direct relation between the two, and you should know the answer to both. The problem is that it can be easy to underestimate how valuable the information in a device is. Until it leaks or gets breached, of course.
If your laptop is logged into your business Gmail account, for example, then suddenly anyone with access can collect every single email conversation you ever had, including details on who are your clients, suppliers, and employees, and everything they’ve ever said to you. Such access would also allow a hacker to send out a massive wave of emails saying… anything they want, really. It hardly matters what is said; such a breach would damage customer trust in your company forever.
That type of attack is not very common. But here’s a type of attack that is. Say the aforementioned Gmail account is also the same account that manages the company’s Google Drive, where all your most important files are. In such a scenario, all a hacker with access has to do is download it all, wipe your Google Drive, and then ask for ransom in exchange for the files being returned safely.
This is a very common type of attack and one that Google works tirelessly to prevent. But it can be hard to prevent it if a company does not have the right security structures in place. The case listed above involves just one machine being compromised: your personal notebook. But is that the only device connected to your work Gmail account? And is that the only account that could potentially delete your entire Google Drive, or whatever cloud storage service you use?
How to be safer
When it comes to cybersecurity, who has the authority to do what in the company’s digital bubble is very important. Google offers good tools to help companies control who can see what and who can delete and modify which files. But as companies grow bigger, it’s easy to give employee accounts too much authority without realizing it. Especially if the company in question is operating without proper IT support.
The Gmail example is the easiest to understand. Ideally, there should be only one account with the authority to delete your entire Google Drive, and that account should be used solely for the purpose of managing cloud storage and be locked behind all sorts of security measures. That’s way, there is only one door hackers can get through to do a ransomware attack, and said door is the thickest door in the metaphorical building.
Identifying these potential points of attack all on your own can be a monumental effort. This is why it’s best to hire outside auditors to take a look at your company’s network and suggest necessary security changes.