A new cybersecurity report by Symantec equates the public’s past dismissal of seatbelts in cars with consumer’s laissez-faire attitude when it comes to defending their devices against hackers.
Cyberattacks are a risk many consumers are ignoring – and a number of businesses seemingly don’t know how they can protect themselves.
That’s especially true when it comes to the security of mobile devices in the workplace according to Jamie Manuel, information protection manager at Symantec.
“We’ve been programmed through the years, through marketing campaigns, that you have to get something on your computer to protect your computer,” Manuel said. “But with everyone using their tablets and their smartphones right now, we tend to forget it’s essentially the same thing.”
Manuel gives the example of an employee using social media on their device at home and at work, effectively compromise the entire system if they click on a bad link.
The jeopardizing of a cyber security perimeter through their employees’ phones is something insurers can mitigate by seeing staff as an extension of their cyber safe strategy, advised Manuel.
It’s like if a child brings home the flu, gives the virus to his parent who’s an employee of a company, and that employee infects their entire office with the flu, Manuel explained using another analogy.
But phones and tablets aren’t the only vulnerable devices that insurers should look out for.
Smart thermostats and webcams connected to the internet are often left unsecured and have their updates ignored, Manuel said.
“They often come with basic administrative passwords for someone to come and make changes…you can Google those (passwords) and they’re often in the user guide,” Manuel said, giving the example of a basic password being ‘admin’.
“If I go into an insurance shop and I’m looking to buy car insurance, or whatever, and I see that they have a certain make and model (of webcam) I say ‘thanks for the quote’, go out to the car, Google it, check what the administrator password is for that model and then easily hack into that,” Manuel said. “Once I’m in there, I’ve got access to a lot of stuff.”
There are ways to fight back against these kinds of dangers, however.
Most notably for insurers, using The Cybersecurity Framework created by the National Institute of Standards and Security’s (NIST) to analyze both internal safety and the clients’ risk levels is a flexible option for companies of all sizes.
Ensuring there are daily data backups is another pro-move tactic.
Manuel described a small business that was hacked with ransomware; when they refused to pay, the hackers wiped the entre company’s digital storage.
But because the company backed up their information on hard drives, they only lost one hour of transactions.
Even without backing up data, Manuel still advises not paying a ransom for stolen information, because hackers might not live up to their end of the deal or they could make the company that paid the target for future attacks.