TAKEAWAY: Cyber-attacks can be costly and damaging to your reputation and bottom line. Discover best practices for keeping data safe and find out how SureHire protects our clients.
Last spring, a single compromised password opened the door to Russia-linked hackers and shut down one of the largest pipelines in the U.S. southeast for 6 days. The public endured fuel shortages and long lines at pumps. At the same time, the company, Colonial Pipeline, suffered a damaged reputation and a 100-gigabyte data breach before finally agreeing to pay a $4.4 million ransom to the hackers.
Colonial Pipeline is just one recent example of the damage that a cyber-attack can do. The war in Ukraine, cyber-attacks by other pro-Russia forces, and the potential for weaponizing cyber-attacks to inflict economic and human damage translate to a heightened threat. Critical industries such as oil and gas are at particular risk given the nature of their business and relatively less well-developed cyber defense strategies. However, the threat is not confined to oil and gas. The U.S. government recently issued all companies a “Shields Up” warning.
Unfortunately, many of these cyberattacks would have been wholly or at least partly preventable had companies employed the right strategies. Cyberattacks can be costly to reputations and the bottom line, which is why at SureHire, cybersecurity is of the utmost importance. In this article, our security experts share some tactics we employ here at SureHire to keep your data safe and secure and offer insights into best practices other companies should consider using.
Deliver Cybersecurity Awareness Training
Your people are your first line of defense in thwarting any potential cyber-attack. As with any defensive line, one weak link can bring it down. Security efforts must start with education and training for all employees that clearly define the threats they face and how to defend against them. This training should include phishing awareness, password protection, privacy issues, evolving compliance regulations, and a focus on insider and outsider threats.
Security training must be ongoing and include ways of testing your defense to ensure it holds. SureHire engages all staff in ongoing cybersecurity awareness training to help keep our client information safe and secure. A combination of training and assessments also ensures our team is up to date on the latest tips and best practices.
Protect Against Phishing
Training is particularly critical to prevent phishing attempts. Phishing is the attempt by cybercriminals posing as legitimate institutions or individuals, usually via email, to obtain sensitive information, including passwords, from targeted individuals. Over the years, phishing operations have become increasingly sophisticated, extending to the impersonation of C-suite executives.
Phishing essentially opens the door to hackers, providing them access to sensitive company data and an opportunity to install ransomware and other malicious code. It can have devastating and long-lasting consequences for a company. Once the hackers have access, they can be challenging to detect and contain. For example, in May this year, security experts revealed that a Chinese hacking group had quietly stolen intellectual property from U.S. and European countries since at least 2019.
Just a month before, Meta uncovered two Iranian-linked cyber espionage campaigns that had employed phishing and social engineering techniques to target activists, academics, and private companies in numerous countries, including the U.S. and Canada. These incidents highlight the need for ongoing vigilance and training and the importance of continually testing anti-phishing procedures. Simulations can help train employees, but they also serve as a continual reminder to remain vigilant.
SureHire regularly sends out routine phishing simulations to test our staff’s ability to assess, detect, and report potential threats. This means our team can be the first line of defense for our clients!
Enable Two-Factor Authentication
Two-factor authentication (2FA) is a standard authentication process that requires someone logging in to a system, such as a VPN or an application, first to provide a username and password and then to provide a secondary piece of information to complete the process. This secondary information is often a verification code or passcode sent to a cell phone or email address, or autogenerated by an authentication app.
Companies use 2FA to provide access to sensitive online applications and information. It could, for example, be used for an initial login for operators and engineers in manufacturing. The idea is that the secondary information you must supply serves as a second line of defense protecting your systems and data from hackers if they can obtain initial login information to breach your system.
A massive study of 2FA completed by Google in 2019 revealed that a simple text code stopped 100% of automated bots and 96% of bulk phishing attacks. It further suggested that more advanced authentication devices can stop even sustained, targeted attacks.
SureHire wants to ensure you are who you say you are when you log in to our client portal, SureLink. SureLink uses two-factor authentication to verify the identities of all clients and testing participants. Our clients can feel confident knowing all data stored in this system is safe and secure.
Leverage Data Encryption and Storage
Data encryption is another method used to protect data. It involves software that encodes information so that it can only be accessed or decrypted if a user has the correct encryption key. To everyone else, this data is either unreadable or indecipherable. With solid data encryption, even if a hacker obtains encrypted data, it can be rendered virtually useless to them. Theoretically, it takes tremendous computing power to break encryption schemes or algorithms created by the encryption software.
Data encryption covers how your information is stored, but where it is stored is equally important. Advancements in cloud technologies have made data easier to store and access by placing it in the cloud and eliminating the need for on-premises storage. However, that often means companies lose control over where that data is housed.
That is a problem for several reasons. Many countries have laws that state that a company must store its data within that country. Then there are the General Data Privacy Regulations (GDPR) in the European Union, which also affect countries dealing with EU companies. The GDPR places tight restrictions on how companies govern their data and where they can store it. Regulatory compliance and privacy guarantees must be top of mind for every company, regardless of industry.
However, policing your data encryption and storage isn’t enough. It also matters what your partners and vendors do with your data. In February 2022, auto manufacturer Toyota was forced to completely shut down its operations after one of its suppliers suffered a data breach. The breach slowed production because the supplier, plastics company Kojima, had third-party access to Toyota manufacturing plants, but it also affected several Toyota subsidiaries.
SureHire is committed to protecting your data as well as our own. We employ modern data encryption technology and ensure all data is stored correctly. In addition, we offer our clients peace of mind knowing that all Canadian data is stored in Canada and all American data in the U.S.
Test Security Vulnerability
Security vulnerability testing is a critical part of any cyber-security strategy. Usually conducted by a third party, it can identify threats and assess the risks they may pose to a company. This testing is generally performed with several automated testing tools, including network security scanners, and it often includes recommendations for remediating those risks.
Many organizations are compelled by existing legislation, such as GDPR and the Health Information Portability and Accountability Act (HIPAA), to conduct regular security vulnerability testing, but it’s also good practice. Despite this push, many companies also find it can be extremely costly and do not proceed.
Vulnerability testing can help you:
- Identify security weaknesses before hackers find them
- Assess vulnerabilities of third-party systems and partners
- Provide proof to customers and partners that your systems are safe and secure
- Ensure compliance with industry standards and regulations
- Save time and costs on potential data breaches and other risks
Vulnerability testing can be conducted on multiple systems, including networks, applications, and databases. It generally includes security control checks, analyzing the network for password issues, assessing network strength against specific cybersecurity attacks, and checking for known and potential vulnerabilities and threats.
SureHire invests in vulnerability testing to ensure that security threats are identified and fixed before they ever become an issue for our clients and testing participants.