WannaCry attacks in June and NotPetya breaches this month serve as stark reminders that cyberattacks are still a very real threat and that businesses must protect themselves. The Black Hat Attendee Survey found that a majority of professionals believe that they will have to respond to a major breach of critical U.S. infrastructure within the next two years. However, are these organizations and other companies ready to face damaging breach events? Let's take a look at some of the biggest cybersecurity mistakes that business make:
1. Trusting your employees
Human error is the single largest cause of security breaches, network infections and data loss. While your employees might be reputable individuals, that won't prevent them from falling victim to a phishing attack or other malicious downloads. Harvard Business Review contributor Marc van Zadelhoff noted that misaddressed emails, stolen devices and confidential data sent to insecure systems are all very costly mistakes that well-meaning insiders can make. Hackers are even adept at leveraging stolen credentials to increase their access within a network to steal sensitive information.
"Understanding the users who hold the potential for greatest damage is critical," van Zadelhoff wrote. "Addressing the security risks that these people represent, and the critical assets they access, should be a priority. In particular, monitor IT admins, top executives, key vendors, and at-risk employees with greater vigilance.
The biggest issue here is that infiltration techniques are becoming so sophisticated, they look legitimate and can fly under the radar of some security tools. To reduce the risk of human error, it's essential to go back to the basics, with comprehensive training for safe internet use practices. Educating employees will raise awareness and be a major step toward reducing the potential threat surface. Leaders should also enforce company use policies and establishing proper technology use protocols when working at the office and remotely.
2. Having faith in the technology
Technology exists to solve specific sets of problems, but relying on it too much might be your downfall. Failures can cost time, money, productivity as well as the trust of partners, customers and employees. It's important to setup the right solutions and create policies to guide staff through worst case scenarios. Dark Reading contributor Roman Foeckl noted that using just an antivirus and a firewall is not enough to secure data anymore. Threats have significantly evolved and are continuing to advance at a rapid rate. It's within your best interest to update your security systems to ensure it's maintained correctly and will address the newest threats.
Establish procedures around data loss prevention and test them on a regular basis. Ensure that you can recover quickly and that you have a plan B instated in case your critical assets fail. This will help ensure that your policies are effective and that the data will be protected appropriately. Staff members should also have the necessary knowledge and support to use the technology effectively and mitigate potential risks.
"Unencrypted devices create a massive problem as anyone could gain access to sensitive information."
3. Ignoring the basics
While many organizations are focusing on establishing sophisticated cybersecurity structures, it's important to start with the basics. For example, organizations might not encrypt their laptops or business cellphones. Unencrypted devices create a massive problem as anyone could gain access to sensitive information and business resources, the National Federation of Independent Business stated. Measures should be in place to scramble data in case someone without the encryption password tries enter a lost or stolen device.
Some companies also don't have strict password enforcement. Employees might use a simple password or could leverage the same password across multiple channels. These situations make it easier for hackers to get into sensitive systems and other accounts. Leaders must also ensure that any access credentials for departing employees are changed immediately. This will prevent any malicious intent and narrow the potential threat landscape. Create policies around remote wipe capabilities and what processes must be observed following a worker's exit.
Cybersecurity is a complex pursuit, but necessary to keep businesses and their data safe. At ISG Technology, we have the expertise and means to restore your trust in your network and your technology partner. For more information on avoiding cybersecurity mistakes, contact us today.