Last week, veteran cybersecurity reporter Steve Ragan tweeted the following:
Cybersecurity PR professionals everywhere hurried to their sent email folder to double-check that they weren’t the contact mentioned—including myself. Though most cybersecurity professionals preach and pitch best practices to keep organizations safe from cyber threats, we all engage in practices that could be putting our respective companies and those we engage with at risk.
The ways in which malicious actors can gain access to critical information has increased exponentially over the past couple of years. Recent data shows that the number of spam emails with malware attached has increased 3.3 times thus far in 2016, compared to the same period in 2015. Over the past year, the U.S. IRS has seen a 400 percent uptick in phishing and malware scams, many of which take advantage of social engineering to trick users into giving away valuable personal information. Gartner predicts that 6.4 billion connected “things” will be in use in 2016. That’s 6.4 billion more endpoints for hackers to try and use to gain access to networks or sensitive data.
Knowing that cybersecurity threats are on the rise, there are ways to make sure you and your agency are protected. Here are some options to consider:
- Monitor cloud application use: Do you use DropBox, Box, Google Docs and other cloud apps? PAN client Blue Coat recently found that 1 in 10 broadly shared files in-cloud apps expose sensitive and regulated data. If cloud application usage is critical to your agency’s everyday activity, don’t worry. Encourage your IT department to adopt a CASB solution (Cloud access security broker), which can help you monitor cloud application use and risk.
- Trust your instincts: Does your award-winning CFO normally email you asking for your social security number? If not, check out the email address and call him or her to confirm. Phishing emails are meant to look like they came from someone you might know, but upon closer inspection, you’ll most likely be able to point out an inconsistency.
- Change your password: If your password is “password,” or you have your password written on a post-it note on your desk, we need to talk. Research from PAN client Rapid7 shows that the number one method used by attackers to both compromise and extend malicious control over an enterprise network is the use of compromised user credentials (aka your login and password). It might seem simple, but creating a complex and unique password is worth it! Think about it this way: according to research conducted by IBM and the Ponemon Institute, the average total cost of a data breach in 2015 was around $3.79 million. By changing your password, you could save your company almost $4 million. If that isn’t merit for a raise, I don’t know what is.
- Educate yourself: If you’re aware of what modern attacks look like and you take the time to educate yourself and others, you’ll be much better prepared when faced with a potential cybersecurity risk or attack.
- Plan ahead: In agency life, we’ve got plans for everything – weekly, quarterly, new business and more. If you’re planning to keep your agency safe, having a security plan is the most important plan you can have. Ask your IT team or senior management if you have one in place. A good plan will have best practices for employees using email, social media and safe Web browsing.
- Back it up: Sometimes the attacker might win. By accepting that, we can prepare for the worst and back up all files and systems. If you’ve been affected by ransomware, oftentimes the only solution is to wipe your system and rely on back-up data. Solutions like those offered by client Carbonite can help make sure that you and your peers have a way to quickly recover all documents.
At the end of the day, things happen. As Steve Ragan writes, “Public relations and journalism are hard businesses to be in, and when it comes to email-based threats, those of us in this profession have a higher risk factor than most, similar to those who work in HR and procurement. All day long we see emails from strangers with links to follow and attachments to open.”
There’s not silver bullet solution that will stop all attackers. It’s up to us to do our due diligence and make sure we’re protecting our companies and ourselves.