Cybersecurity
July 5, 2022
3 mins

Tips for mitigating cyber risks

July 5, 2022
3 mins
Alejandro Serrano
Citi Private Bank Global Cyber Security Co-Lead
SUMMARY

Cyber-attacks are increasing in frequency and sophistication. Being aware and having robust security can help keep you and your business operating as efficiently and safely as possible.


According to the adage, prevention is better than cure. A key principle of modern medicine, it is equally applicable to safeguarding your data, wealth and privacy from increasingly frequent and sophisticated cyber-attacks.

Cyber criminals are exploiting global events to launch cyber-attacks: during lockdowns imposed by various governments to control the spread of COVID in 2020, cyber-attacks soared nearly 600%.1 This was because many people were spending more time online and were also likelier to open malicious emails purporting to offer information about the health crisis. In fact, research suggests that 92% of malware is delivered via email.2

By creating an atmosphere of cyber awareness and putting robust security measures in place, you stand a better chance of preventing a costly breach. Some common cyber threats you are likely to face include the following, and they may happen simultaneously or sequentially:

  1. Phishing:

    Tricking victims into handing over personal data via emails purportedly from a trusted sender. This is the most frequent type of cyber fraud.

  2. Malware attacks:

    Infiltrating computers or phones via an email attachment, hyperlink or other means. Once embedded in a device, malware can alter its operations by changing settings and permissions, blocking programs and spying on victims.

  3. Ransomware:

    Encrypting victims’ data via a malicious program and holding it hostage until ransom is paid. These are among the most common cyber-attacks. Many companies have paid ransoms because they lacked the time and/or resources to recover from an attack.

  4. Data theft:

    Stealing personal information from unsuspecting users by deception. This may include gaining access to a trusted email account, through which hackers attempt to perpetrate ransomware and phishing attacks throughout the email account owner’s contacts.

5. Social engineering scams:

Conning people into giving up sensitive information through various means by pretending to be someone else. Fake messages on social media are a popular device for such scams.
  1. Human error:

    Slipping up in a variety of ways such as leaving data unsecured on USB drives, having weak account passwords or falling for phishing scams. Studies find that people are often the weakest link in the information technology chain.3

Sound management of cyber risks includes preventative measures such as boosting your security protocols. Admittedly, no strategy is foolproof, but proactive attempts to mitigate risks increase the odds of avoiding a costly breach.

Here are some suggested tips to help mitigate the risk of cyber threats:

  • Always update your antivirus protection software.
  • Perform regular digital monitoring to contain and remove any malicious software if discovered.
  • Segregate your business’s critical networks and services from personal devices.
  • Limit and control network account access and restrict privileged access to applications and systems to a group of vetted individuals.
  • Enforce signed software execution policies and require users to set strong passwords.
  • Use a multi-layered authentication and systems login process via the deployment of random tokens generation software on top of network passwords/logins. This creates a secondary layer of clearance and protection for accounts with elevated privileges, remote access and/or containing high-value assets.
  • Vet employees both initially upon hiring and on an ongoing basis.
  • Monitor third-party risk from suppliers and clients as well as their cyber security and data protection protocols.
  • Have ongoing cyber security awareness, training and education programs for you and your team.
  • Audit the inventory of your network devices and software regularly.
  • Have robust back-up systems to ensure business continuity in the event of a breach.
  • Have an appropriate cyber insurance policy covering losses relating to damage or loss of information from IT systems and networks.

These tips are non-exhaustive, and unfortunately, cyber breaches may nevertheless occur despite best efforts. So being prepared to remedy the situation is just as important as taking preventative measures.

1UN warns cybercrime on rise during pandemic, By The Associated Press, May 23, 2020 https://apnews.com/article/europe-united-nations-brazil-south-korea-cybercrime-6ba6af57fd96e25334d8a06fcf999e7f

2Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends, By PurpleSec, 2021 Cyber Security Trends Report https://purplesec.us/resources/cyber-security-statistics/
3Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends, By PurpleSec, 2021 Cyber Security Trends Report https://purplesec.us/resources/cyber-security-statistics/