The global damage of cybercrime has risen to an average of $11 million per minute, which is a cost of over €177,000 each second. Yikes!
60% of small to medium-sized businesses that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more. Many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.
The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.” Is your company making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection?
Here are several of the most common missteps when it comes to basic IT security best practices.
1. Not implementing multi-factor authentication (MFA)
Credential theft has become the top cause of data breaches around the world, according to IBM Security. With most company processes and data now being cloud-based, login credentials hold the key to multiple types of attacks on company networks.
Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves companies at a much higher risk of falling victim to a breach. MFA reduces fraudulent sign-in attempts by a staggering 99.9%.
2. Ignoring the use of ‘shadow IT’
‘Shadow IT’ is employees’ use of cloud applications for business data when those applications haven’t been approved by, and may not even be known to, the company.
Shadow IT can leave businesses at risk for several reasons:
- Data may be used in a non-secure application
- Data isn’t included in company backup strategies
- If the employee leaves, the data could be lost
- The app being used might not meet company compliance requirements
Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by an IT team. It’s important to have policies in place that spell out for employees the applications that can and cannot be used for work.
3. Thinking you’re completely safe with just an antivirus application
No matter how small your business is, a simple antivirus application is not enough to keep you 100% protected. For example, phishing emails can deliver commands that run through legitimate PC systems, so nothing is flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.
You need to have a multi-layered strategy in place that includes things like:
- Next-gen anti-malware (uses AI and machine learning)
- Next-gen firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
4. Not having device management in place
A large number of companies around the world first introduced employees to working remotely during the pandemic and, in many cases, are now planning to keep it that way. However, device management for remote employee devices hasn’t always been put in place efficiently.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach. If you don’t have one already, it’s time to put a device management application in place.
5. Not providing adequate training to employees
An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity. Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process.
The more you keep IT security front and centre, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures. Consider reaching out to a reputable IT company that can offer your team proper training.
When did you last have a cybersecurity checkup?
Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit to uncover vulnerabilities so they can be fortified to reduce your risk.
- Business Continuity & Disaster Recovery
- Email Filtering
- Incident Response Plans
- Phishing and Cybersecurity Training
If you need a dedicated IT company, with a team of trained professionals who can manage your company’s cybersecurity, look no further than ITM Tech! Based in Naas, Co Kildare, ITM Tech supplies and implements reliable technical support for your entire IT environment.
We are dedicated to quickly and effectively resolving cybersecurity issues, leaving you to concentrate on running your business. Contact our experts today at 045 409984 or email us at firstname.lastname@example.org.
For more information about cybersecurity and what we can offer you, check out our last blog: Is Your Business Ready To Prevent, Detect And Respond To Cyber Attacks?