BLOG

Last year was a nightmare when it came to businesses and cybersecurity. Seemingly every few days, a big new breach popped up — one that compromised patron data, blemished a business' reputation and generally left customers with an uneasy feeling about the security of their personal information. This year, companies out there have two basic options when it comes to securing their infrastructure. The first is to let the nightmare continue by being inactive about cybersecurity. In this case, a business can simply wait around for the inevitable attack that may prove enterprise-ending. But there's a second option: Wake up to the very real computer security problems that face all companies, and do something about it. You'd think that all businesses out there would choose this latter route. After all, it's the path of least risk — the path you take when you don't want to end up as the next major breach headline. But it seems that the majority of companies out there have not reached this point yet. As a recent survey about disaster recovery found out, 50.5 percent of respondent organizations stated that they were only "somewhat" ready for a recovery event. Unfortunately for these organizations, cybercriminals realize this lack of preparedness, and are always looking for ways to take advantage of it. In the absence of organizational protective measures such as multifactor authentication, a cyberattack can quickly turn into an event that necessitates major recovery. For small- and medium-sized companies, this kind of thing can prove business-ending.

In today's threat atmosphere, lack of preparedness is not an option

Perhaps five or 10 years ago, businesses could get away with less-than-stellar enterprise security. But that's not the world we live in anymore. These days, a weakly guarded business is an easy target. And the Internet is crawling with criminals looking for just such targets. The immediacy of cyberthreats was highlighted by a recent report, which discovered more than 75 million new malware strains in just the last 12 months. Here is another way of looking at that number: More than one-third of new malware ever came out in 2014. And as far as the types of malware that arrived on the scene, they ran the full spectrum of cyber threats. From trojans and worms to viruses and adware, 2014 was the year that really signaled the emergence of the all-powerful hacker. Starting with a breach that compromised approximately 40 million credit and debit cards, 2014 continued on in that fashion, with massive breaches cropping up left and right. If you finished out the year without your personal information getting compromised in some way, you could consider yourself pretty lucky. And yet in spite of the huge and potent presence of cyberattacks, many businesses out there do not seem to be getting the memo. That is not good, since as far as malware is concerned, 2015 promises to be no different than last year. "Security threats will increase in 2015, and both companies and home users must prepare themselves to respond to them," cybersecurity Luis Corrons said, according to CNET. "It is not a question of whether their security will be compromised but rather when and how, so in this case prevention is key."

Preparing for a heightened level of threats

It should be pretty clear by now that complacency is a guaranteed road to attack when it comes to enterprise security. Instead, organizations need to be conscious of the threats they are facing — and then do something about it. Here are some key things every business can do to ramp up its security level and significantly decrease the odds of getting attacked:

• Encrypt emails: Where is one of the first places hackers look to intercept privileged data? Information in transit. For corporations, that means business emails can be some of the most vulnerable things out there. But they do not have to be. By implementing an email encryption solution, a company takes a big step toward reducing the risk of malicious interception. Encrypting email ensures that the data contained within a message is guarded as it travels from point A to B.
• Guard mobile devices: More companies than ever are incorporating mobile devices into their enterprise network, which is just fine as long as these mechanisms are guarded just as stringently as are their computers. Let's say an employee of a mobile-connected business accidentally downloads a malicious app onto his or her phone. If your company does not have mobile security in place, that app could quickly find its way into your corporate network. With corporate mobile connectedness, the odds of getting attacked shoot up — but only if the devices are not protected.
• Don't rely on passwords to protect accounts: There is no such thing as an unbreachable password. For hackers, every password is fair game. That's why companies that have only a password separating people from the corporate network run such a high risk of attack. In order to truly protect access to the business network, organizations need two-factor authentication, a solution that ensures that even if a cybercriminal guesses a users' password, he or she will still have to pass through an additional identity-verifying wall in order to access the business network.