保护企业通信渠道：如何应对黑客攻击

Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.

高效的沟通是业务成功的基石。在内部，确保您的团队沟通无缝有助于避免摩擦损失、误解、延误和重叠。在外部，无挫折的客户沟通直接与积极的客户体验和更高的满意度相关联。

However, business communication channels are also a major target for cybercriminals. In recent years, especially since the pandemic, the number of cyberattacks has skyrocketed. Statistics show that last year alone, the number of hacks shot up by 38%. Worse, it still takes a business 277 days on average to identify a breach, causing a loss of $4.35 on average.

然而，业务通信渠道也是网络犯罪分子的主要目标。近年来，特别是自疫情爆发以来，网络攻击的数量激增。统计数据显示，仅去年，黑客攻击数量增加了38%。更糟糕的是，一家企业平均需要277天才能发现一次违规，导致平均损失4.35美元。

So, how can businesses safeguard their communication channels against hackers, while still providing the best possible experience for customers and maintaining team productivity? Here's everything you need to know – and which mistakes you need to avoid.

那么，企业如何保护其通信渠道免受黑客攻击，同时为客户提供最佳体验，并保持团队生产力？以下是您需要了解的一切内容 - 以及您需要避免的错误。

Use Secure Platforms

使用安全平台

To begin with, there is your choice of communication channels. In order to meet customers' communication demands, you'll need to offer a variety of channels, from texting, email and live chat to voice and video calls. Not to mention the channels for internal business communication, messaging, and team collaboration tools foremost among them.

首先，您需要选择通信渠道。为了满足客户的沟通需求，您需要提供各种渠道，从短信、电子邮件和实时聊天到语音和视频通话。更不用说内部业务通信、消息传递和团队协作工具等渠道。

In the choice of all these channels, you need to prioritize security. When comparing communication platforms, whether UCaaS providers or contact center software, it's crucial to take their security standards into account.

在选择所有这些渠道时，您需要优先考虑安全性。在比较通信平台时，无论是UCaaS提供商还是联系中心软件，都必须考虑它们的安全标准。

Have they been breached before? What server infrastructure and encryption do they rely on? What cybersecurity protocols do they implement? Do they comply with international data security regulations? Do they offer additional security measures such as two-factor authentication?

它们以前有过违规吗？它们依赖哪种服务器基础架构和加密？它们实施了哪些网络安全协议？它们是否符合国际数据安全法规？它们是否提供额外的安全措施，如双因素身份验证？

All these are questions you should find the answers to before settling for any communication platform for your business.

在为您的业务选择任何通信平台之前，您应该找到这些问题的答案。

Audit Your Passwords and Permissions

审计您的密码和权限

Next up, your business needs to audit its passwords and review which team members have which permissions.

接下来，您的企业需要审计其密码并查看哪些团队成员具有哪些权限。

Incredible as it may sound, statistics show that a vast majority of data breaches (fully 80%!) are due to compromised login credentials. They also reveal that 75% of people do not adhere to password best practices, despite knowing better.

令人难以置信的是，统计数据显示，绝大多数数据违规（整整80%！）是由于登录凭据被篡改。它们还揭示，尽管知道更好，但75%的人不遵守密码最佳实践。

In fact, "123456", "password", and "admin" still remain on the list of the most frequently used passwords in 2024.

事实上，“123456”、“password”和“admin”仍然是2024年最常用密码清单上的密码。

Increasing password complexity dramatically reduces the risk of successful cyber breaches. That's why a thorough password review and the implementation of draconic password standards should be high up on your list of priorities to safeguard your business communications.

增加密码复杂性会大大降低成功网络违规的风险。这就是为什么彻底审查密码并实施严格的密码标准应该是您保护业务通信的首要任务。

As for the review of permissions, the more people have access to a system, the more likely it is that someone will make a mistake that could result in a breach. Make sure that only those people who really need it have access to sensitive information.

至于权限审查，拥有对系统的访问权限越多，某人犯错误导致违规的可能性就越大。确保只有那些真正需要访问敏感信息的人才能访问。

Invest in Cybersecurity Protection

投资于网络安全保护

Another strategy to protect your business communications against hackers is to invest in cybersecurity tools.

另一项保护企业通信免受黑客攻击的策略是投资于网络安全工具。

With the skyrocketing rates of cyber crime and the adoption of technologies such as AI by hackers, cybersecurity companies have ratcheted up their efforts to provide tools to fend them off.

随着网络犯罪率飙升以及黑客采用人工智能等技术，网络安全公司加大了提供工具以抵御黑客攻击的努力。

Review what cybersecurity tools your company uses. A solid antivirus system, a Virtual Private Network (VPN) solution and a (team) password manager or vault combined with a strong password policy should be the absolute minimum.

审查您的公司使用的网络安全工具。一个可靠的防病毒系统、虚拟专用网络（VPN）解决方案和（团队）密码管理器或保险库，再加上强大的密码策略，应该是绝对的最低要求。

Going further, you can invest in financial fraud monitoring, identity theft monitoring for your team members, as well as spam call protection.

此外，您可以投资于金融欺诈监控、身份盗窃监控以及团队成员的垃圾电话保护。

Cybersecurity monitoring tools, especially, are underutilized by businesses – a major reason for the often months-long delay in detecting a breach. In the event of a hack, it is crucial that you detect it as soon as possible in order to be able to limit the damage and loss of customer trust.

尤其是网络安全监控工具，被企业利用不足 - 这是检测违规常常延迟数月的主要原因。在发生黑客攻击时，至关重要的是您尽快检测到它，以便能够限制损害和客户信任的损失。

Brush Up our Team's Cybersecurity Skills

提升团队的网络安全技能

The vast majority of successful cyber breaches are due to human error and not just the choice of weak passwords.

绝大多数成功的网络违规都是由于人为错误，而不仅仅是选择弱密码。

Phishing attacks in particular have become more sophisticated in recent years. Long gone are the days in which a Nigerian prince stuck at an airport reached out for a loan.

特别是钓鱼攻击近年来变得更加复杂。那些尼日利亚王子被困机场需要贷款的日子早已一去不复返。

Instead, you get an email from your supervisor towards the end of the business day because he needs your login credentials for a high-level operation.

相反，您可能会在工作日结束时收到主管的电子邮件，因为他需要您的登录凭据执行高级操作。

Or you get a message on Slack from a colleague two departments over with a link to sign the virtual birthday card for Sarah from accounting.

或者您可能会在Slack上收到来自两个部门外同事的消息，其中包含签署会计Sarah的虚拟生日卡的链接。

If hackers really go above and beyond, you might even get a call from your company's CEO asking for your help with a technical issue.

如果黑客真的超越了一切，您甚至可能会接到公司CEO的电话，要求您帮助解决技术问题。

In all these cases, many wouldn't think twice about handing over information or clicking the link they're sent, without thinking about spear or voice phishing. And today, that's all it takes to throw the door wide open for cybercriminals to make their way quietly into your communication systems.

在所有这些情况下，许多人会毫不犹豫地透露信息或点击他们收到的链接，而不考虑鱼叉或语音钓鱼。而今，这就足以为黑客悄然进入您的通信系统打开大门。

To prevent any of these scenarios from happening, you need to brush up your team's cybersecurity skills – and their capacities to detect and flag fraud. Having regular cybersecurity training is crucial, as is doing spot checks to make sure everyone adheres to best practices.

为防止发生任何这些情况，您需要提升团队的网络安全技能 - 以及他们发现和标记欺诈的能力。定期进行网络安全培训至关重要，进行现场检查以确保每个人都遵守最佳实践。

Develop SOPs and a Cybersecurity Routine

制定标准操作程序和网络安全例行程序

Finally, to protect your business' communication channels from hackers, it's essential to develop standard operating procedures and a fixed cybersecurity routine.

最后，为了保护企业通信渠道免受黑客攻击，制定标准操作程序和固定的网络安全例行程序至关重要。

Your SOPs should cover not only how to protect your systems, but also what to do in the event of a breach, or the suspicion of one. All your team members should be able to spot suspicious activity and know exactly who to reach out to in the event that they do.

您的标准操作程序应该涵盖如何保护系统，以及在发生违规或怀疑违规时该怎么办。所有团队成员都应该能够发现可疑活动，并确切地知道在发生这种情况时应该联系谁。

Who do they need to alert if they get a spear phishing message to their work phone?

如果他们的工作电话收到鱼叉式钓鱼消息，他们需要通知谁？

What's the procedure if databases are behaving oddly?

如果数据库表现异常，应该采取什么程序？

Which systems need to be shut down first to contain a potential breach?

哪些系统应该首先关闭以遏制潜在的违规？

All these are questions that need to be clarified and communicated to your team.

所有这些问题都需要澄清并传达给您的团队。

Similarly, uncomfortable as it is, you also need to develop backup plans for the worst case scenario of a successful breach. What's your strategy to recover your website if it has been taken hostage? And how do you alert customers to a potential threat?

同样，尽管不舒服，您还需要为成功违规的最坏情况制定备份计划。如果您的网站被劫持，您的恢复策略是什么？您如何向客户提醒潜在威胁？

Finally, you need to incorporate cybersecurity into your routines on a daily, weekly, quarterly, and annual basis. Cybercriminals constantly evolve their tactics, and you need to keep up to speed to protect your communications.

最后，您需要将网络安全纳入您的日常、每周、每季度和每年的例行程序中。网络犯罪分子不断改进他们的策略，您需要跟上步伐以保护您的通信。

This means staying up to date on cybersecurity news, new threats, and scams. It also involves regular changes to your passwords, system reviews, and updates to your SOPs.

这意味着要及时了解网络安全新闻、新威胁和诈骗。这还涉及定期更改密码、系统审查和更新您的标准操作程序。

Conclusion

结论

Protecting your business communications against hackers is a complex task. It starts with your choice of platforms and cybersecurity tools, but requires constant vigilance. It's crucial to regularly audit your passwords and permissions, educate yourself and your team, and develop cybersecurity SOPs and routines.

保护企业通信免受黑客攻击是一项复杂的任务。它始于您选择的平台和网络安全工具，但需要持续警惕。定期审计密码和权限，教育您自己和您的团队，制定网络安全标准操作程序和例行程序至关重要。

While all of this takes a considerable amount of time, effort, and resources, it is well worth it. The alternative is to leave yourself wide open and vulnerable to attacks that can have serious financial consequences and result in a total loss of customer trust. In that scenario, the question is when – rather than if – you get breached.

尽管所有这些都需要大量的时间、精力和资源，但是这是非常值得的。另一种选择是让自己完全暴露和容易受到攻击，这可能会导致严重的财务后果，并导致对客户信任的完全丧失。在这种情况下，问题是何时而不是是否会发生违规。

Only with the best tools and team members sticking to cybersecurity best practices, and being capable of spotting phishing attacks, will you be able to defend your communication channels.

只有使用最佳工具，并且团队成员坚持网络安全的最佳实践，并且能够发现钓鱼攻击，您才能保护您的通信渠道。

原文始发于微信公众号（知机安全）：保护企业通信渠道：如何应对黑客攻击