In an increasingly interconnected world where digital devices often serve as the lifeblood for many businesses, some of the most significant vulnerabilities for cybercrime lie in the devices entrusted to employees.
From laptops to smartphones, these devices often serve as gateways to sensitive company data, making them prime targets for cyber criminals.
Jimmy Khosa, manager: cyber security at BDO highlights some of the risks associated with company devices, how cyber criminals exploit these vulnerabilities, and the measures employees can take to safeguard against potential breaches.
The modern workplace is increasingly reliant on digital technologies, with employees relying on company-issued devices to efficiently do their jobs.
Unfortunately, this convenience comes with risks. Company-issued devices allow users to work both inside and outside the corporate network, blurring the lines of traditional security perimeters and exposing them to a myriad of cyber threats.
So much so, that the World Economic Forum has warned that with the explosion in connected mobile devices and 5G-enabled internet of things (IoT), cyberattacks on devices look set to increase in future.
The rise in hybrid and remote work has further exacerbated these risks. With one of the most prevalent risks for cybersecurity already being malware, more employees accessing company systems and data from unsecured networks or personal devices means that cyber criminals are developing even more sophisticated malware which introduces additional vulnerabilities.
This in turn makes it easier for cyber criminals to infiltrate corporate networks undetected.
The tactics of cyber criminals
Cyber criminals employ a range of sophisticated tactics to exploit vulnerabilities in company devices. One common method is through social engineering, where attackers manipulate employees into divulging sensitive information or clicking on malicious links through deceptive emails or messages. Once inside the network, attackers can escalate privileges, install malware, and exfiltrate data with alarming ease.
Another prevalent tactic is exploiting software vulnerabilities. Attackers leverage known weaknesses in software applications or operating systems to gain unauthorised access to devices. This highlights the importance of doing regular software updates and patch management to mitigate these risks.
Cyber criminals are also increasingly targeting remote access points, such as virtual private networks (VPNs) or remote desktop protocols (RDP), to bypass traditional security measures and infiltrate corporate networks. Weak or default credentials provide attackers with an easy entry point, which is why the importance of robust authentication mechanisms and secure access controls simply cannot be overstated.
Protecting company devices is a collective responsibility
Safeguarding company devices is not solely the responsibility of the IT department but should rather be a collective effort from all employees. There are also several proactive measures businesses can take to enhance the security posture of their employee’s company devices, such as:
* Raise awareness – Educating employees about common cyber threats and best practices for cybersecurity is crucial. Regular training sessions and awareness campaigns can help employees recognise phishing attempts, malware, and other malicious activities, reducing the likelihood of successful attacks.
* Practice good cyber hygiene – Implementing strong password policies, enabling multi-factor authentication, and regularly updating software and security patches are fundamental measures in mitigating cyber risks. Encouraging employees to adopt these practices ensures that company devices can remain resilient against evolving threats.
* Use secure connections – When accessing company resources remotely, employees should use secure and encrypted connections, such as VPNs, to protect sensitive data from interception. Avoiding public Wi-Fi networks and utilising company-issued devices for work-related activities further reduces exposure to potential threats.
* Exercise caution online – Employees must be warned to exercise caution when browsing the internet and refrain from clicking on suspicious links or downloading unknown files. Implementing web filtering and content management solutions can provide an additional layer of protection against malicious websites and phishing attempts.
* Report suspicious activity – Encouraging employees to report any unusual or suspicious activity on their devices means that if an issue arises, security teams can respond quickly to potential security incidents. Establishing clear reporting procedures and channels ensures that security incidents are promptly addressed, minimising their impact on company operations.
As quickly as security teams are responding to incidents, cyber criminals are developing brand new ones. It is estimated that every day, 560,000 new pieces of malware are detected.
There are now over 1-billion malware programs in existence. Let that sink in for a minute. These numbers are staggering and should be cause for serious concern. Protecting company devices is not just a responsibility but a necessity in preserving the integrity and resilience of corporate networks.