Upholding our commitment to privacy, security, and compliance, we believe it’s important to bring awareness to the rapidly evolving threat landscape and the role all individuals and organizations play in cybersecurity. October is Cybersecurity Awareness Month, and it’s an ideal time to highlight the crucial nature of maintaining good data security practices to minimize risks and vulnerabilities.
The U.S. Department of Homeland Security and the National Cyber Security Alliance first declared October Cybersecurity Awareness Month over a decade ago in a national effort to protect those online. Since then, companies and individuals have joined the campaign and continue to spread awareness about the importance of maintaining good cybersecurity practices.
As one of the leading web form and data collection platforms, FormAssembly takes an uncompromising stance on cybersecurity. This month, and every month, we remain dedicated to maintaining the highest standards in cybersecurity and encourage our employees and customers to do the same.
To help you improve cybersecurity at your own organization, this blog provides an overview of the biggest cybersecurity threats of 2022 and best practices to keep your employees and customers safe.
Common cybersecurity threats in 2022
Cybersecurity threats are putting companies and individuals at greater risk of significant data attacks and breaches. These threats are more sophisticated and harmful than ever before, making them both more dangerous and harder to detect. Even with ongoing cybersecurity awareness training, it is challenging to tell what is legitimate from what is malicious. In 2022, cybersecurity vulnerabilities often show up in the following areas:
Remote work environments
Working remotely can leave employees vulnerable to cybersecurity threats simply because they are no longer protected by the safeguards companies have in place in a physical building. Home networks are less likely to be as secure as business networks, making them easier to target and attack. Employees may also work from public locations on untrusted Wi-Fi networks. If employees are not taking the proper precautions, such as using a personal hotspot instead of public Wi-Fi, strong passwords, and two-factor authentication, they are at increased risk of a hacking or phishing attack.
Phishing and smishing attacks
As electronic devices are used more heavily for both work and personal life, the threat of phishing grows with them. Employees can receive hundreds of emails in a day, some of which could be a social engineering attack that quietly goes under the radar until it’s too late. Similarly, SMS phishing, or “smishing,” is now a common threat for unaware users who open a text and tap a malicious link.
Accidental data disclosure
Alongside the reduced security precautions of remote work and heightened external attacks, companies also face internal threats from their own employees. Data breaches due to human error remain one of the biggest threats to a company’s privacy and security. This may occur when users have more access to sensitive data than their role requires, leaving that data exposed to accidental leaks, or when work computers are used for personal purposes or shared with family or friends.
“A common way this happens is through sharing configurations—making things public rather than internal or only available to specific recipients,” says FormAssembly Director of Security and Compliance David Scovetta.
Cybersecurity awareness best practices
The threat of cyberattacks may leave you feeling concerned or vulnerable, but there are many steps organizations can—and should—take to keep data, customers, and employees safe. Here are the top five cybersecurity best practices for better data security.
Protect and manage passwords
Passwords are one of the simplest ways to protect sensitive information, but too often they are not taken seriously by either employees or organizations. Weak passwords are easy targets for hackers, especially when “123456” and “password” are still among the most commonly used passwords across all industries.
A cybersecurity best practice for passwords is to ensure they have at least 10 characters with a mixture of uppercase and lowercase letters, numbers, and symbols; longer is better. Each additional character multiplies the number of guesses a brute-force attack needs, so the time to crack a password grows exponentially with its length. Adding two-factor authentication and using a password manager like LastPass (which requires you to remember only one master password) makes it easy to follow these best practices, even when you have countless complex passwords for work. You also want to make sure you’re not reusing the same password across different accounts, Scovetta says.
“Credential stuffing is a really common attack vector where bad actors look at prior breach records and see where else users are using the same name and password,” he says.
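The pattern Scovetta describes is visible in authentication logs: one source address cycling through many different usernames, failing most of the time, with an occasional success where a reused password happened to match. The following detector is an added example written for this post, not FormAssembly code, and it assumes a constructed, hypothetical log format (timestamp, source IP, username, result per line). It flags any source that tries many distinct usernames inside a short window with a high failure ratio, and lists the accounts that succeeded inside that burst, since those are the credentials most likely to have been stuffed successfully.

```python
"""Detect credential-stuffing bursts in authentication logs.

Added example (not FormAssembly code). Log format is a constructed,
hypothetical one: "<ISO timestamp> <source ip> <username> <OK|FAIL>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 walks through ten usernames in a few
# seconds (one hit); 198.51.100.4 is one user correcting a typo.
SAMPLE_LOG = """\
2022-10-03T09:00:01 203.0.113.7 alice FAIL
2022-10-03T09:00:02 203.0.113.7 bob FAIL
2022-10-03T09:00:03 203.0.113.7 carol FAIL
2022-10-03T09:00:04 203.0.113.7 dave FAIL
2022-10-03T09:00:05 203.0.113.7 erin FAIL
2022-10-03T09:00:06 203.0.113.7 frank OK
2022-10-03T09:00:07 203.0.113.7 grace FAIL
2022-10-03T09:00:08 203.0.113.7 heidi FAIL
2022-10-03T09:00:09 203.0.113.7 ivan FAIL
2022-10-03T09:00:10 203.0.113.7 judy FAIL
2022-10-03T09:05:00 198.51.100.4 alice FAIL
2022-10-03T09:05:09 198.51.100.4 alice OK
2022-10-03T14:00:00 192.0.2.9 bob OK
"""


def parse_log(text):
    """Parse the hypothetical log format into (timestamp, ip, user, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_stuffing(events, window=timedelta(minutes=10),
                    min_users=5, min_fail_ratio=0.8):
    """Return {ip: summary} for sources that, within a sliding time window,
    attempted at least `min_users` distinct usernames with a failure ratio
    of at least `min_fail_ratio`. Many distinct usernames from one source
    distinguishes stuffing from a single user mistyping a password."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e[2] for e in chunk}
            failures = sum(1 for e in chunk if e[3] == "FAIL")
            if len(users) < min_users or failures / len(chunk) < min_fail_ratio:
                continue
            summary = {
                "attempts": len(chunk),
                "distinct_users": len(users),
                "failures": failures,
                # Successes inside a stuffing burst are likely compromised.
                "compromised": sorted({e[2] for e in chunk if e[3] == "OK"}),
            }
            # Keep the largest burst seen for this source.
            if ip not in findings or summary["attempts"] > findings[ip]["attempts"]:
                findings[ip] = summary
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The thresholds are illustrative; tune the window, user count, and failure ratio to your own login volume, and treat the accounts listed under "compromised" as candidates for a forced password reset rather than proof of compromise.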
Conduct routine employee training
The saying “you don’t know what you don’t know” rings true for cybersecurity awareness. If companies don’t provide regular, in-depth training on cybersecurity best practices, chances are their employees won’t seek it out themselves. By some widely cited industry estimates, more than 90 percent of successful cyberattacks begin with a phishing message that an unaware employee acted on.
A great way to make sure everyone is on the same page is by providing education on the different types of cyberattacks and how to stay alert to these threats.
“And most importantly, how to escalate to your own security teams if you do come across something which seems unusual,” Scovetta says.
Regular training, assessments, and even random simulated phishing attacks are all simple ways to keep everyone alert and aware. It’s also important to establish cybersecurity awareness as vital to the safety of your employees and customers, rather than simply framing it as a “necessary evil.”
Regularly back up data, and test those backups
Digital data loss or corruption is a serious disaster, but its impact can be contained with a few smart security measures. If your company keeps data on physical media or on-premises systems, backups are especially important to protect this information from threats like natural disasters or building fires.
Backing data up offsite not only gives peace of mind, but is a cybersecurity best practice for keeping sensitive data safe and secure. Cloud backup services and databases are an ideal solution because they store all data on a remote server and provide data recovery capabilities. These services also typically encrypt data in transit and at rest, so it is protected as it moves from your company to the cloud provider and while it sits there. Keep at least one copy that the systems being backed up cannot modify or delete (offline, or protected by immutability controls), so that ransomware that encrypts production data cannot also destroy the backups.
“Be sure to test your recovery operations at least annually, and ensure that you’re able to recover backed up data in a disaster scenario,” Scovetta says.
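A recovery test should prove more than that the restore job finished: every file has to come back with the same contents it had when the backup was taken. The script below is an added example for this post, not FormAssembly code. It records a SHA-256 manifest of the source tree at backup time, then compares a restored tree against that manifest and reports files that are missing, altered, or unexpectedly present. The `demo` function builds a constructed scenario in a temporary directory (one file truncated on restore, one never restored) so the check can be run offline.

```python
"""Verify that a restored backup matches what was backed up.

Added example (not FormAssembly code). Uses a SHA-256 manifest taken at
backup time to check a restored tree for missing or corrupted files.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest recorded at backup time.

    Returns three sorted lists: files that did not come back at all, files
    whose contents differ from the original, and files present in the
    restore that were never in the backup (a sign of a mixed-up restore).
    """
    actual = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "corrupted": sorted(p for p in manifest
                            if p in actual and actual[p] != manifest[p]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def demo():
    """Constructed scenario: two files are backed up, then the 'restore'
    truncates one and omits the other. Returns the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "forms").mkdir(parents=True)
        (live / "customers.csv").write_text("id,email\n1,a@example.com\n")
        (live / "forms" / "intake.json").write_text('{"fields": 3}')
        manifest = build_manifest(live)  # taken when the backup is made

        restored = Path(tmp, "restored")
        restored.mkdir()
        # Simulated faulty restore: truncated file, and forms/ never restored.
        (restored / "customers.csv").write_text("id,email\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup itself; a manifest that is lost or altered along with the data it describes cannot tell you anything. Running this kind of check against a full restore into an isolated environment, on the schedule Scovetta recommends, is what turns "we have backups" into "we can recover."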
Maintain and test an incident response plan
While it is critical for organizations to maintain cybersecurity best practices, no set of practices eliminates risk entirely. It only takes one security breach to cause serious damage to a company’s reputation and finances. Companies should be proactive about creating, maintaining, and following an Incident Response Plan so that they are ready when a cyberattack happens.
This plan outlines the steps a company needs to take to minimize the damage caused by the threat, recover data, and make changes to policies to help avoid future attacks. Along with creating an Incident Response Plan, it may also be helpful to create plans for specific types of threats, such as phishing attacks, and to have communication plans in place for employees, customers, and partners.
Comply with all laws and regulations
Companies are legally obligated to follow the privacy and data-protection regulations that apply to them. These regulations exist to provide additional security for sensitive data, such as HIPAA for healthcare and GLBA for financial services. Non-compliance endangers not only the sensitive information of a company and its employees, but that of its customers as well, and can result in financial penalties, or worse.
“Have a strong understanding of where your sensitive data is being stored and backed up,” Scovetta says.
To follow cybersecurity best practices, it’s important to know which compliance regulations are relevant to your company and to make sure your company remains up-to-date with any changes to these regulations. Conduct regular compliance risk assessments alongside cybersecurity risk assessments to stay informed about your company’s data and its regulatory requirements, and to ensure those requirements are met.
How FormAssembly avoids cybersecurity threats
At FormAssembly, we are committed to being good stewards of the data entrusted to us and helping our customers do the same. This mindset guides all of our security policies and processes.
As a remote company with customers in industries with strict regulations, including healthcare, financial services, and government, FormAssembly takes an uncompromising stance on data security and compliance to help prevent hacking attacks and other threats. We are committed to adhering to the compliance laws and data security regulations to meet the strict demands of these industries. This ensures that all of our customers can trust us to keep their data secure when using our platform.
Some of the specific cybersecurity best practices FormAssembly follows include off-site data centers, disaster recovery, incident response, firewalls and an Intrusion Detection System, employee security, and more. We also maintain HIPAA, GDPR, FERPA, and GLBA compliance (and more), are PCI DSS Level 1 Certified, and are FedRAMP Ready.
Become a good data steward
Cybersecurity threats will continue to become more sophisticated each year. But cybersecurity threats are just one of several challenges your organization is facing when it comes to properly collecting and using data. Laws and regulations are evolving to keep up with the changing landscape, and governments are cracking down on non-compliance. Your customers are demanding better security and privacy.
Download our whitepaper, Understanding the Importance of Data Stewardship: How to Effectively Manage and Secure Customer Data, to learn how adopting a data stewardship mindset can help your organization stay a step ahead of these challenges.