Eight Ways to Strengthen Your Company’s Cybersecurity Strategy
Thursday, September 30, 2021
By Taylor Mitchell, senior vice president, technology and standards, Auto Care Association
Vehicle security is a critical conversation and you can learn all the latest information about safe, secure and standardized access to vehicle repair data at the Auto Care Emerging Technology booth (A30001) and in Joe’s Garage this year at AAPEX 2021. But as your teams prepare to travel to AAPEX, don’t forget that business and personal cybersecurity safety is also extremely important.
Ransomware. Cyber attacks. Consequences including huge payoffs, potential revenue loss and disrupted operations. Soaring cybercrime rates are keeping many IT and other business professionals up at night. Before your employees travel with your company devices, such as phones and laptops, be sure to educate them on safety and privacy best practices before they hit the show floor.
Cyber Crime on the Rise
In 2020, the FBI’s Internet Crime Complaint Center (IC3) received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. These numbers are expected to be significantly higher in 2021.
Ransomware is a type of malicious software (malware) that encrypts computer data, making it unusable. Malicious cyber-criminals hold the data hostage demanding a ransom payment. One of the most common infection methods is through phishing where criminals impersonate legitimate organizations to gain sensitive information.
Phishing, vishing (voice phishing), smishing (SMS phishing), and pharming (website redirects) more than doubled from 2019 to 2020. This number is expected to increase in 2021. The primary vector is email, but the goal of phishing, vishing and others is the same: to steal sensitive data like credit card and log-in credentials. Attacks have become very sophisticated and often appear to come from your bank, your HR person, or your boss. Tell your teams: Always think before you click.
Adapt to the Evolving Landscape
Combating this growing threat requires skilled professionals and ongoing investment by companies to train their employees and deploy tools to fight this digital warfare. Companies must have a cybersecurity strategy and continually assess and refine it to adapt to the evolving landscape.
Not sure where to start? While not an exhaustive list, there are a few key things every company can adopt and deploy:
- Require multi-factor authentication and strong password management tools.
- Enable strong spam filters to prevent phishing emails from reaching end users.
- Filter emails containing executable files from reaching end users.
- Implement a user training program and simulated attacks.
- Update software, including operating systems, applications, and firmware on IT network assets, in a timely manner.
- Filter network traffic to prohibit known malicious IP addresses and block malicious sites.
- Develop a data backup plan
- Develop a recovery plan
As we return to in-person after 18 months of operating from home, be sure to educate your employees on device security and safety during travel. Doing so can prevent costly breaches that could affect both you and your customers.
Several of the AAPEX sessions this year focus on trust-based selling, business differentiation and advanced financial strategies. Properly executed, a sound cybersecurity strategy can help you establish that trust with customers and protect you from financial disaster.