The 2022 Experian Data Breach Industry report covers the impact of breaches over the past year and turns an eye towards the upcoming months as well, forecasting implications for the continued barrage of cyberattacks.
The report covers trends in the digital landscape that have manifested due to natural disasters and gambling sites (leading to more phishing scams), as well as the vulnerabilities associated with cryptocurrency, NFTs, and digitally entangled infrastructure. Additionally, the report highlights the possibility of a “Cyberdemic 2.0,” pointing out that over the past two years of pandemic-infused life, institutions have adapted to some large-scale change, but “individuals remain the weak link.”
Let’s dig into Cyberdemic 2.0. In what ways are individuals the weak links, and how can companies help stop this trend?
At this point in the pandemic, there are several industry changes that are here to stay, but it wasn’t that long ago that options like telehealth, fully remote work, contact tracing, and an abundance of Zoom meetings weren’t the norm. When the first lockdowns occurred, lots of companies made hurried adaptations to stay afloat in the digital landscape. Initially, cybercriminals were able to exploit the many holes left by the too-rapid shift online. Unsecured home networks and IoT devices also became more common vulnerable entry points.
It’s likely that in 2022, remote work, specifically, will continue to be quite common. The breach report indicates that the balance of digital work and play we currently have will likely continue: think of more live streams, Zoom-based company parties, teleconferences, and patient portals. Locking down the security in all these categories is long overdue.
So what can companies do to protect their employees? And what can employees working from home do to protect themselves?
Here are four steps companies can take to increase their digital defenses:
1. Require employees to use company equipment
Provide employees with company-owned phones, computers, and other required devices, instead of asking employees to use their own equipment. Personal equipment is likely to be unsecured, shared, and easily hackable.
2. Require and provide VPNs
While your company might have security systems in place back at the office, extending this simple level of protection can help defend against attacks on an employee’s home network as well.
3. Monitor Access
If employees are going to be accessing their desktops remotely, it’s crucial to monitor the pattern of those connections and to have a plan for when suspicious activity is detected.
4. Follow NIST Password Guidelines
NIST standards cover many different topics within cybersecurity, including suggestions for increased password hygiene. Given that compromised credentials are one of the top causes of breaches, following NIST password guidelines is a great place to start addressing these vulnerabilities. Included in the most recent release are suggestions to get rid of periodic password resets, ditch the arbitrary password complexity requirements, and of course, screen for compromised credentials.
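The three suggestions in step 4, as an added example that is not part of the report or the original article: new passwords are checked for length and against a compromised-credential list rather than for composition, and a reset is triggered by evidence of compromise rather than by age. The compromised list is a constructed sample, the function names are hypothetical, and the 8-character minimum is the one given in NIST SP 800-63B.

```python
import unicodedata

MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen passwords

# Constructed sample list; a real deployment loads a breach corpus or
# queries a screening service.
SAMPLE_COMPROMISED = {"password", "123456789", "qwerty123", "Summer2021!"}


def normalise(password: str) -> str:
    """Apply Unicode NFKC so equivalent encodings compare equal."""
    return unicodedata.normalize("NFKC", password)


def legacy_complexity_ok(password: str) -> bool:
    """The older style of rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def check_new_password(password: str, compromised=SAMPLE_COMPROMISED):
    """Return (accepted, reason): length and breach screening, no composition rules."""
    candidate = normalise(password)
    if len(candidate) < MIN_LENGTH:
        return (False, "too short")
    if candidate in compromised:
        return (False, "compromised")
    return (True, "ok")


def must_reset(password_at_login: str, age_days: int,
               compromised=SAMPLE_COMPROMISED) -> bool:
    """Force a change only on evidence of compromise; age is deliberately ignored."""
    return normalise(password_at_login) in compromised


if __name__ == "__main__":
    for pw in ("Summer2021!", "correct horse battery staple", "short"):
        print(repr(pw), legacy_complexity_ok(pw), check_new_password(pw))
    print(must_reset("password", age_days=5),
          must_reset("correct horse battery staple", age_days=4000))
```

The sample run shows the contrast: a password that satisfies the old complexity rule is rejected because it appears in the compromised list, while a long lowercase passphrase that fails the old rule is accepted.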
Additional security benefits everyone, including individuals working from home and the networks of the companies themselves.
Password reuse, a habit that over 60% of users regularly engage in and admit to, is one of the leading issues behind the compromised credential crisis. Compromised credentials are one of the most common entry points for a network takeover, which can lead to ransomware and massive damage.
Consequently, by taking steps to keep their employees informed about the risks associated with their individual accounts, businesses stand to protect themselves from financial and reputational destruction.