IT security is not a one-off investment but a continuous process. Every company must be prepared for three major threats: malware, phishing and ransomware – phenomena that are constantly evolving. Above all, don't think that smaller or medium-sized companies aren't at risk. They are in fact a likely target for intruders with malicious intentions.
IT security is more complex than ever because cyber-threats come in many forms and because our way of working has changed dramatically. Now that employees routinely work on the move with all kinds of different devices, it is much more difficult to protect your IT efficiently against threats such as malware, phishing and ransomware.
Malware, also mobile
Malware, a contraction of ‘malicious software’, is a software program that is designed to intentionally cause damage to computer systems, collect financial or personal information, or gain access to IT systems. There are different types of malware, of which the computer virus is one of the best known.
The main entry points are the vulnerabilities in software that give malware the chance to install itself on your systems. More and more, the vulnerability isn't in the software programs themselves, but with the end user who clicks on a link in an e-mail or visits unsafe websites. Mobile devices are also increasingly the target of all types of malware. Reliable mobile apps and a secure connection are a good first step if you don't want to expose important information.
Phishing and smishing
Number two among the biggest cyber-threats is currently phishing – derived from ‘fishing’ for information. Here hackers use subtle ‘social engineering’ tactics to trick users into giving their login information, credit card number or other sensitive information. This is usually done through an e-mail that closely resembles a real message from a trusted sender, such as your bank or a government service, and which leads to a website that is just as fake.
Phishing also has a mobile variant: ‘smishing’ or SMS phishing, in which the misleading message is sent by SMS. The link is more difficult to check on a mobile screen, making it easier for the receiver to fall into the trap. Hackers are also increasingly using Facebook Messenger and WhatsApp to obtain sensitive information.
Ransomware: never pay ransom
Finally, there is also ransomware, which is actually a type of malware. The malicious software program encrypts the files on your computer or server. You then get a message that you have to pay a ‘ransom’ to unblock access to the files – which of course you shouldn't do. The advice is to isolate the infected IT systems from your company network as quickly as possible and contact your IT service provider.
It may sound like a Hollywood scenario, but unfortunately ransomware is a growing problem for companies. Between 2016 and 2019, the number of ransomware attacks in Belgium tripled, according to the Belgian insurance broker Vanbreda Risk & Benefits. For example, in June 2019 a Belgian manufacturer of aircraft components came to a halt for no less than three weeks after a ransomware attack. Even after that, it still couldn't reach normal production capacity, because for a time many of the processes had to be performed manually again.
Play on all levels
It is clear: no simple antivirus package will protect you against the latest cyber-threats. Your security will only work if you tackle the problem on a technological level and combine this with security awareness training for your employees. Finally, prevention is always better than cure, but despite all the precautions you can never completely rule out security problems. So you also need a plan of action in case things go wrong anyway.