A data breach poses one of the greatest risks to corporations today. Yet only 45% of executives think cybersecurity represents an important aspect of their company, according to the EY Global Information Security Survey. This statistic is surprising, especially when you consider that the Ponemon Institute puts the cost of the average global data breach at $3.92 million. To promote proactive cybersecurity measures, we present a collection of cybersecurity tips for executives below.
Understand That You’re a Target
IT decision makers see C-level execs as the greatest cybersecurity threat they face, so beware: hackers have put a target on your back. The reason is clear. Executives have access to vast amounts of company data and hold the permissions needed to get into many different parts of their company, from finance to engineering. This data is attractive to hackers, and because the C-level is a busy group that travels a lot and uses multiple devices, bad actors have ways to take advantage of these circumstances.
As a known entity within a company, you are a prime target for a whaling attack. These are just like phishing attacks, but they’re aimed at larger targets. To keep your company data safe, verify that each email you receive is from a known, trusted person.
The key here is to not act hastily. Whaling emails often look as if they’re sent from accounting or finance, but many times they’re not. The sender hopes that you’re so strapped for time that you forget to do your due diligence and wire money to a malicious third party. Other nefarious emails seek to install malware/spyware on your device in an attempt to obtain credentials or take control of your system — all you have to do is click on the wrong link or attachment and they’re in.
Tip: One way to know where a link will send you is to hover your cursor over the link and look at the bottom left-hand corner of your browser window. You will see text detailing the exact URL that the link will send you to; be sure to look out for near matches like Anazom.com.
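The near-match check from the tip above can also be automated, for example in a mail filter. The sketch below is an added example, not part of the original article; the allowlist, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real one would hold the domains
# your organization actually does business with.
TRUSTED = {"amazon.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def base_domain(url):
    """Lowercased last two labels of the link's host name.
    Assumption: multi-label suffixes such as .co.uk are out of scope here;
    a public-suffix list is needed to handle those correctly."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED, max_edits=2):
    """Return ('trusted' | 'lookalike' | 'unknown', domain concerned)."""
    domain = base_domain(url)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Close to a trusted name but not equal to it: the near-match case.
        if edit_distance(domain, good) <= max_edits:
            return ("lookalike", good)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed sample links, including the near match named in the tip.
    for link in ("https://www.amazon.com/orders",
                 "https://www.Anazom.com/gp/signin",
                 "https://news.example.org/story"):
        print(link, "->", classify_link(link))
```

A "lookalike" verdict is a reason to stop and verify the sender through another channel, not proof of malice; short domain names will produce some false positives at this threshold.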
Monitor Your Own Online Presence
Just as you can become a victim of phishing, bad actors look to your social media accounts for material they can use to phish people within your organization. This is an example of a social engineering attack. Because you have power within your organization, people are keen to listen to what you have to say via email or social platforms, even if it’s not you. Be careful about what you disclose online.
Tip: Let people in your organization know what you will and won’t send via email. Educating people about what to expect in communication from you helps employees discern a genuine email from a malicious one.
Know What Kind of Network You’re On
Cybersecurity experts rate public WiFi networks at coffee shops as one of the most dangerous public WiFi sources, and it’s easy to see why. One reason is that sometimes they’re unencrypted, which means the data that flows between your device and the network is easy for others to read.
Another tool bad actors use is deception: they create phony networks that look like real ones. For example, if you’re at a coffee shop called The Red Dragon, a person with malicious intent could create a network called The Red Dragon-Guest to fool users. Once you connect to it, bad actors can view any data that you’re sending or receiving. This represents a version of a man-in-the-middle attack.
But this isn’t the only way your data gets exposed. Snooping and sniffing refer to the ability of a bad actor to eavesdrop on network traffic. This is a risk because any data you send can be captured, including usernames and passwords, which of course are the keys to all the data you’re able to access.
Ask Questions to Protect Yourself and Your Company
- Can we enable MFA so a stolen set of credentials is not enough to access our data?
- Do we have a VPN that I can use to protect company data when using public WiFi?
- What policies have been enacted to protect my device(s) in case of theft or loss (e.g. full disk encryption)?
- Do we have event logging capabilities to know who accesses what and when?
Be mindful that you’re a high-value target. Know how you’re connecting to the Internet and what not to publish online. Ask the right questions of your security team. Combined, these actions set you and your organization up for secure identities and data. If you have questions, drop us a line.