If there is any lesson to take away from 2021, it’s that investment in cybersecurity to protect your business and your clients is still essential. Whether your business is small or global, if you collect confidential information from your clients, such as payment details, identification, and contact details, it’s your responsibility to protect that data from hackers.

The past year has been an interesting one for cybersecurity firms. Several data breaches have been reported so far in 2021, ranging from the SolarWinds cyber attack to the Apple device breach to the recent passport portal vulnerability. These incidents provide us with several important lessons to take away from 2021 and implement for 2022.


Essential Software Updates

It may feel as though software updates only happen at the most inconvenient times, but we do promise they serve an essential purpose. Updates are often released to protect your device and your data by patching vulnerabilities in an application’s or software’s code. Those updates might also fix operational bugs, speed up performance, and add new features, but security is the crucial part to remember. Failing to install the updates leaves your device and your personally identifiable information (PII) at risk.

An example of this was the recent breach of Apple’s iMessage app on iPhones and iPads by the malware known as Pegasus. The malware could turn an iPhone user’s device into a spy machine without their knowledge. The hack gave access to messages and emails, as well as the ability to record phone calls. It could also use the device camera and microphone without the user knowing.

Apple users were urgently asked to download an update that would patch the known and exploited vulnerability. The next time your app or device prompts you to install an update, learn from the Apple scenario and click the “install now” option, rather than delaying.

The Importance of Network Monitoring

Monitoring your networks is a clear priority to help keep them secure. When you’re not monitoring your network for intrusions, you won’t know if or when your systems are breached. In the case of SolarWinds, their systems were hacked without them knowing or noticing for months.

As a top security firm, they were likely monitoring their networks reasonably well, but since their clients were high-profile companies and government agencies, the cybercriminals that targeted them wrote sophisticated malware that the SolarWinds system missed. For most small and medium-sized businesses, using a system that combines both intrusion detection and intrusion prevention is enough to keep out the vast majority of cyberattacks. 

Using Encryption Properly

Encryption is a basic component of cybersecurity. Encryption scrambles data into another form so that it can be delivered securely over a network, then unscrambles it back to its original format once it reaches its destination. Many services offer encryption, including email service providers, cloud networks, and messaging apps. When companies fail to use encryption or misuse the feature, it becomes a problem for cybersecurity.

A recent example of a business that failed to use encryption correctly came with the vaccine portal app Portpass. A CBC investigation found that the company had not only failed to secure their network, but had also failed to use encryption. As a result, they risked exposing over 600,000 users’ PII to potential hackers. The visible (and easily swiped) information included the names, email addresses, blood types, phone numbers, birthdays, and images of official government IDs for users of the app.

If your business manages the PII of your clients or users, you’ll want to ensure that your network is secure and that you’re using encryption to keep your data protected. 

Cybersecurity Professionals in Edmonton

Ensure your networks are protected and your data is secure by hiring an experienced cybersecurity and IT management firm. At Alt-Tech Inc., we specialize in serving the insurance, financial, legal, and manufacturing sectors. If you’re ready to invest in the online security of your business, contact us to set up an assessment.