The global damage caused by cybercrime has risen to an average of USD 11 million per minute, which corresponds to a cost of USD 190,000 per second.
60% of small and medium-sized businesses affected by a data breach close their doors within six months because they cannot afford the costs. The costs of becoming a victim of a cyber-attack can include:
- Loss of business
- Downtime/loss of productivity
- Reparation costs for customers whose data has been stolen, and more
You may be thinking that this means you need to invest more in cyber security, and it is true that you need to have adequate IT security measures in place (anti-malware, firewall, etc.). However, many of the most damaging security breaches are due to common mistakes that businesses and their employees make.
The Sophos Threat Report 2021, which examined thousands of global data breaches, found that so-called “everyday threats” are among the most dangerous. The report says: “A lack of attention to one or more aspects of basic security hygiene has been shown to be the primary cause of many of the most damaging attacks we have studied.”
Is your organization making a dangerous cybersecurity mistake that puts you at high risk of a data breach, cloud account takeover, or ransomware infection?
Here are some of the most common missteps when it comes to basic IT security practices.
1) IGNORING MULTI-FACTOR AUTHENTICATION (MFA)
According to IBM Security, credential theft is the most common cause of data breaches worldwide. Since most business processes and data are now cloud-based, credentials are key to various types of attacks on corporate networks.
Failing to protect user logins with multi-factor authentication is a common mistake that significantly increases an organization’s risk of falling victim to a security breach.
MFA reduces fraudulent login attempts by an incredible 99.9%.
2) IGNORING THE USE OF SHADOW IT
Shadow IT is employees’ use of cloud applications for business data when those applications have not been authorized and the company may not even know about them.
Shadow IT poses a risk to businesses for several reasons:
- Data may be used in an insecure application
- The data isn’t included in the company’s backup strategies
- If the employee quits the position, the data could be lost
- The app used may not meet the company’s compliance requirements.
Employees often start using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks associated with using an app that’s not been vetted by their company’s IT team.
It’s important to have cloud usage policies that clearly dictate to employees which apps can and cannot be used for work.
3) THINKING YOU’RE SAFE USING ONLY AN ANTIVIRUS APPLICATION
Regardless of how small your business is, a simple antivirus application isn’t enough to protect you. In fact, many of today’s threats don’t use malicious files at all.
Phishing emails can contain commands that are sent to legitimate PC systems and so aren’t flagged as viruses or malware. Phishing today also mostly uses links, not file attachments, to send users to malicious websites. These links aren’t intercepted by simple antivirus solutions.
You need to adopt a multi-layered strategy that includes:
- Next-generation anti-malware (with AI and machine learning)
- Next-generation firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
4) NOT HAVING DEVICE MANAGEMENT IN PLACE
Most companies around the world have let their employees work from home since the pandemic, and they plan to continue doing so. However, device management for these external employee devices, as well as smartphones used for business, isn’t always in place.
If you don’t manage security or data access for all endpoints (company-owned and employee-owned) in your organization, you’re at higher risk for a data breach.
If you don’t already have one, it’s time to install a device management app, like Intune in Microsoft 365.
5) NOT ORGANISING ADEQUATE COURSES FOR EMPLOYEES
An astounding 95% of cybersecurity breaches are caused by human error. Too many organizations don’t take the time to train their employees on an ongoing basis, and so users haven’t developed the skills needed to create a culture of good cybersecurity.
Employees should receive IT security training throughout the year, not just annually or during the onboarding process. The more you focus on IT security, the better your team will be able to detect phishing attacks and follow proper data handling procedures.
There are a few ways to build cybersecurity training into your company culture:
- Short training videos
- IT security posters
- Webinars
- Team training sessions
- Cybersecurity tips in corporate newsletters
Article used with permission from The Technology Press.