The global damage of cybercrime has risen to an average of $11 million USD per minute, costing $190,000 each second.
60% of small and mid-sized companies with a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers whose data was stolen, and more.
You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.
The 2023 Sophos Threat Report underscores that lapses in basic cybersecurity practices, like patching and configuration management, leave organizations vulnerable to attackers exploiting these gaps. The report highlights that these “everyday” weaknesses are frequently targeted by attackers, especially with the rise of “crime-as-a-service” offerings that enable easier access to advanced hacking tools.
Is your company making a dangerous cybersecurity mistake that leaves you at high risk for a data breach, cloud account takeover, or ransomware infection?
Here are several of the most common missteps regarding basic IT security best practices.
CYBERSECURITY MISTAKE #1: NOT IMPLEMENTING MULTI-FACTOR AUTHENTICATION (MFA)
According to IBM Security, credential theft has become the top cause of data breaches worldwide. With most company processes and data now being cloud-based, login credentials hold the key to multiple attacks on company networks.
At IT Acceleration, we believe that not protecting your user logins with multi-factor authentication is a common mistake that leaves companies at a much higher risk of falling victim to a breach. MFA reduces fraudulent sign-in attempts by a staggering 99.9%.
CYBERSECURITY MISTAKE #2: IGNORING THE USE OF SHADOW IT
Shadow IT is the use by employees of cloud applications for business data when those applications haven’t been approved. The company may not even know about them.
Shadow IT use leaves companies at risk for several reasons:
- Data may be used in a non-secure application
- Data isn’t included in company backup strategies
- If the employee leaves, the data could be lost
- The app being used might not meet company compliance requirements
Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that their company’s IT team hasn’t vetted.
It’s important to have cloud use policies that spell out for employees the applications that can and cannot be used for work.
CYBERSECURITY MISTAKE #3: THINKING YOU’RE FINE WITH ONLY AN ANTIVIRUS APPLICATION
No matter how small your business, a simple antivirus application is not enough to protect you. In fact, many of today’s threats don’t use a malicious file at all.
Phishing emails will contain commands that are sent to legitimate PC systems and that aren’t flagged as viruses or malware. Phishing also overwhelmingly uses links rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.
You need to have a multi-layered strategy in place that includes things like:
- Next-gen anti-malware (uses AI and machine learning)
- Next-gen firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
CYBERSECURITY MISTAKE #4: NOT HAVING DEVICE MANAGEMENT IN PLACE
A majority of companies, both Philadelphia-based and around the world, have had employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices, as well as smartphones used for business, hasn’t always been put in place.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.
If you don’t have one already, it’s time to implement a device management application like Intune in Microsoft 365.
CYBERSECURITY MISTAKE #5: NOT PROVIDING ADEQUATE TRAINING TO EMPLOYEES
An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to train their employees continually. As a result, users haven’t developed the skills needed for a culture of good cybersecurity.
Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.
Some ways to infuse cybersecurity training into your company culture include:
- Short training videos
- IT security posters
- Webinars
- Team training sessions
- Cybersecurity tips in company newsletters
WHEN DID YOU LAST HAVE A CYBERSECURITY CHECKUP?
Don’t stay in the dark about your IT security vulnerabilities. Call IT Acceleration to schedule a cybersecurity audit to uncover vulnerabilities so they can be fortified to reduce your risk.
The article is used with permission from The Technology Press.