July 2024

6 Warning Signs Your Team May Be Vulnerable to Cyber Attacks – and Our Tips to Stay Safe

Tom Baragwanath, Head of Content, Riot

Right now, scammers around the world are dreaming up new ways to get the better of you. And while you might know how to keep your networks, data, and money safe, cybersecurity is a team sport – you’ll still be at risk unless your colleagues do their part, too.

So, how can you boost your team’s cybersecurity and stay safe together? You can start by looking at the biggest risk factors and making a plan to keep these under control.

In this article, we look at six common signs your team may be vulnerable to cyber attacks. We’ll also offer some proven tips for addressing these vulnerabilities and managing your risk, including boosting your cybersecurity with unforgettable awareness training.

Let’s start with something we’ve all become way too familiar with lately.

#1: Your team is working remotely

Over recent years, millions of people have shifted into working remotely at least part of the time, including an estimated 60% of knowledge workers. And while this flexibility has been a welcome change for some, it creates a whole new set of cybersecurity risks.

That’s because working across a range of WiFi networks (especially public networks) increases the attack surface scammers can use to access company systems. A distributed workforce also makes it a lot harder for your IT team to maintain core network protections, and creates the risk that unauthorized people might be accessing sensitive data.

Given these risks, it’s unsurprising that we’ve seen an estimated 238% increase in cyber attacks coinciding with the shift to remote work over the last few years.

How to help your distributed workforce stay secure

A distributed workforce presents security challenges, but you can keep your team safe by:

  • Encouraging people to use a VPN or secure WiFi network, and to avoid risky public networks (for example, WiFi in airports, libraries, or cafes).
  • Teaching people how to identify and report cyber attack attempts targeting remote workers (for example, invoice fraud impersonating managers or accounting teams).
  • Mandating the latest antivirus and Data Loss Prevention (DLP) software – and making it easy to report spam emails and attempted data exfiltration.

And speaking of distributed workforces, here’s another common cybersecurity vulnerability.


#2: People are using their own devices for work

With the shift to cloud-based systems, the days of working on a single company-owned device are well and truly over. Now, 97% of executives access work accounts on personal devices, with many of us mixing work and personal use across different phones, laptops, and tablets.

This might be faster and more convenient, but it turns every device into a potential entry point for scammers. And unsurprisingly, scammers have capitalized on this shift, with attacks on mobile devices growing by 50% over recent years – including attempts to access company networks.

How to turn BYOD into NBD

If your team works across a mix of personal and company devices, you can encourage them to:

  • Keep their operating systems updated, since out-of-date operating systems leave known vulnerabilities open to exploitation.
  • Be extremely cautious about downloading apps, and make sure an app isn’t malware in disguise.
  • Limit who else can use their devices, for example, family members and children.
  • Set strong passwords and access codes, including using a password manager.
  • Follow company guidelines on what happens if a device with work access is lost or stolen.

#3: You’re relying on generic cybersecurity awareness training

A cybersecurity awareness training program is the single most effective step you can take to keep your team safe against potential attacks. This training helps people identify the most common and disruptive scams, and teaches them the techniques they need to stay secure.

But to get this right, you need cybersecurity training tailored to individual needs and work contexts. Unfortunately, a lot of the training organizations provide is still generic and forgettable.

How to provide the awareness training people deserve

People are used to boring cybersecurity training that feels just like any other annual compliance exercise. That’s why they switch off, and why scammers win so often. Instead, we need to:

  • Invest in tailored awareness training to match individual needs and experience levels.
  • Offer people fun and engaging training experiences based on real stories.
  • Let people learn where they already work, for example, in Slack or Teams.
  • Cover foundational topics like password best practices and data security alongside advanced subjects like spear phishing, digital footprints, and AI-powered deep fakes.
  • Follow up training with phishing simulations to test people on how much they remember.

At Riot, we make it easy to boost your cybersecurity awareness through tailored training people can’t help but love. Chat to one of our experts to find out more.

#4: You aren’t encrypting or backing up your data

In 2019, two Facebook app developers accidentally leaked unencrypted records relating to over 540 million users, including names, photos, location check-ins, and passwords. While this wasn’t malicious, it illustrates the risks involved with failing to encrypt and back up data adequately.

Unprotected data storage and administration is a big sign you and your team might be vulnerable to cyber attacks. Specifically, if you’re failing to encrypt sensitive data, this opens you to the risk of catastrophic breaches should fraudsters access your systems and demand ransom.

How to take the stress out of data management

Data management might sound technical, but it doesn’t have to be. You need to:

  • Encrypt and protect sensitive data everywhere, and keep keys secure – particularly when sharing data with third-party business partners.
  • Make a multi-pronged backup and recovery strategy to spread the risk of data loss.
  • Invest in a tool to notify you whenever any company logins are affected by data breaches.

#5: Your network isn’t adequately segmented

Another technical vulnerability relates to network segmentation and user access monitoring. Specifically, letting users reach wide areas of your organization’s network with a single login raises the risk of a cyber attack, and so does failing to actively monitor user access.

For example, take the Banner Health data breach. In 2016, fraudsters managed to access the company’s databases through its food and beverage payment systems, eventually accessing sensitive health information relating to 2.81 million patients.

A subsequent investigation found the health provider hadn’t adequately assessed the risk of cyber attacks targeting its single shared network, and hadn’t been actively monitoring user access to identify potential attacks.

How to set access to minimize your risks

You can address the risks involved with unsegmented network access by:

  • Isolating the most valuable company assets in their own network segments and limiting user access to them.
  • Developing a company-wide policy governing who has access to which parts of the network.
  • Adopting the principle of least privilege when it comes to data access.
  • Limiting third-party network access – including supply chain partners (see below).

#6: Your supply chain partners are vulnerable to cyber attacks

Finally, a word on your supply chain partners. Scammers are now regularly targeting organizations through attacks on their supply chain partners – particularly when these partners have access to sensitive data. That’s why it’s so crucial to ensure a shared commitment to cybersecurity across your business network – especially your supply chain partners.

For an example of how this can go wrong, let’s look at Okta. In 2021, the company experienced a major data breach as a result of security vulnerabilities at Sykes, one of its customer support providers. This shows why active third-party cybersecurity management is so crucial.

How to keep your whole network safe

You can proactively address the risks involved with third-party cybersecurity practices by:

  • Requiring supply chain partners to comply with core cybersecurity and data protection measures.
  • Restricting third-party access to systems and data, and actively monitoring access.
  • For EU organizations, observing NIS2 requirements to investigate supply chain partner cybersecurity protections and take reasonable steps to address any vulnerabilities.

Ready to make NIS2 a walk in the park? Download our free six-step compliance checklist.


Fight cybersecurity vulnerabilities with great awareness training

When it comes to stopping cyber attacks, it isn’t enough for you to roll solo – your whole team needs to know how to stay secure. Unfortunately, 85% of all successful data breaches involve human error, meaning your colleagues could end up being the reason you get scammed.

That’s why impactful awareness training can make such a big difference in proactively managing the threat of cyber attacks. With Riot, your whole team can learn about the latest scams, including AI-powered deep fakes, phishing, and much more. This way, they know exactly what to do to reduce the risk of cyber attacks, and what to do in case of real-life scam attempts.

Even better, you can test your team with our simple and intuitive phishing simulation platform, crafting the kinds of attacks people are most likely to face and teaching them how to stay safe.

To find out how Riot can help you and your team stay on top of the latest cyber threats, get in touch with one of our experts today.