The global cost of poor cybersecurity has risen to an average of $11 million USD per minute. That’s $190,000 each second.
Over 60% of small businesses end up closing their doors within six months after a cyberattack due to costs. Those costs can include loss of business, downtime/productivity losses, legal costs, and more.
One would think that means businesses would naturally invest more in cybersecurity. It is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are still due to some of the most common cybersecurity mistakes that companies make.
The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Is your company making a cybersecurity mistake that is leaving you at high risk for a data breach?
Here are several of the most common missteps when it comes to basic IT security best practices.
Not Implementing Proper Multi-Factor Authentication
Credential theft has become the top cause of data breaches around the world, according to IBM Security. With most company processes and data now cloud-based, login credentials are the key to multiple types of attacks on company networks. Nor can you simply pull the plug in a cybersecurity emergency: cloud servers keep running no matter what.
Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves companies at a much higher risk of falling victim to a breach.
MFA reduces fraudulent sign-in attempts by a staggering 99.9%. Here at Hermetic Networks, we’re pretty fanatical about information security. For more information about multi-factor authentication and its importance, check out our other articles, Multi-Factor Authentication and You and Security Measures to Improve Microsoft 365 Data Protection.
Ignoring “Shadow IT”
Shadow IT is the use of cloud applications for business data by employees when those applications aren’t approved by, and may be unknown to, the IT department. For example, someone who doesn’t like SharePoint decides to share confidential documents from their personal Dropbox account.
Shadow IT leaves a company’s cybersecurity strategy at risk for several reasons:
- Data is used in a non-secure application
- Data isn’t included in company backup strategies
- If the employee leaves, the data leaves with them
- Personal cloud apps do not meet company compliance requirements
Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.
It’s important to have acceptable use policies in place that spell out for employees the applications that can and cannot be used for work, including cloud services.
Too Much Reliance on Antivirus Applications
No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.
Phishing emails can instead deliver commands that run through legitimate tools already on the PC, so nothing is flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites, and those links won’t be caught by a simple antivirus solution.
You need to have a multi-layered strategy in place that includes things like:
- Next-gen anti-malware (uses AI and machine learning)
- Next-gen firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
Lack of Device Management Solutions
A majority of companies around the world have had employees working remotely from home since the pandemic, and they plan to keep it that way. However, device management for those remote employees’ computers, as well as for smartphones used for business, hasn’t always been put in place.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.
If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365. While you’re at it, check out our article on 9 Best Practice Ways to Keep Mobile Devices Safe From Cyberattacks.
Poor Employee Cybersecurity Training
An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to train their employees continually, so users never develop the skills needed for a culture of good cybersecurity.
Employee IT security awareness training should be done throughout the year, not just annually or during an on-boarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.
Some ways to infuse cybersecurity training into your company culture include:
- Short training videos
- IT security posters
- Team training sessions
- Cybersecurity tips in company newsletters
When Was Your Last Cybersecurity Checkup?
Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit today to uncover weaknesses so they can be addressed and your risk reduced.