Cybercrime is a growing concern world-wide with the cost to business expected to be £7 trillion worldwide in 2022.
The cost of a data breach is steep. In fact, 60% percent small and mid-sized companies end up closing their doors within six months because they cannot afford the costs from falling victim to cyberattacks. This effects of which could include loss in business productivity as well as fines from the ICO and bad publicity from customers whose information has been stolen and more.
Cybersecurity is a hot topic these days, but it’s not just about having technical systems in place to prevent breaches. You also have to make sure your company doesn’t fall victim of self-inflicted damage , by clicking on an infected email by mistake or downloading malware unknowingly–and this happens more often than you may think!
The Sophos Threat Report, written in 2021, investigated thousands of data breaches and found that “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Is your company making dangerous cybersecurity mistakes that are putting you at high risk for a data breach?
Here are several of the most common mistakes that you can quickly fix to improve your Cyber Security.
1.Do you enforce Multi Factor Authentication ( MFA )?
With most company processes and data now being cloud-based, login credentials hold the key to multiple types of attacks on a network. With credential theft becoming one way hackers can get into your system it’s important that employees are trained in how they’re going use these tools so they are not easy targets for criminals looking at stealing information.
It is a serious mistake not to protect your company’s user logins with multi-factor authentication. The consequences of this decision are too great for businesses, so it should be at the top tier list in every IT department’s procedures!
MFA reduces the number of fraudulent sign-in attempts by 99.9%.
2.Do you ignore the use of Shadow IT ?
Shadow IT is when employees use unapproved cloud applications for company data that they may not even know about. This can leave companies at risk for a number of reasons:
- The data may be used in a non-secure application
- The data isn’t included in company backup strategies
- The data could be lost if the employee leaves
- The app that is being used may not meet the requirements for company compliance
When employees begin using apps without approval from their company’s IT team, they are exposing themselves and potentially compromising sensitive information.
The best way to maintain a healthy work environment is by having clear policies in place that outline what type of technology can and cannot be used for company work.
3.Are you only using an Anti Virus application?
With so many threats today, a simple antivirus application is no longer enough to keep you safe. In fact some of the most dangerous hackers don’t use malicious files at all!
The scammers are getting more sophisticated with their tricks. They use links in emails instead of attachments to take users directly onto the infected website, which is not blocked by simple antivirus programs.
In order to prevent these sort of attacks you need multi-layer strategy:
- Next-gen anti-malware
- Next gen firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
4.Can you remotely manage your mobile devices (MDM)?
The pandemic has caused companies all around the world to embrace remote working, and they plan on keeping it this way. However there are still some kinks that need worked out when it comes device management for employees’ home computers or phones used while at work. Many employers haven’t put systems in place yet which is creating problems as you can imagine–with greater flexibility come greater risks!
If you’re not managing security or data access for all the endpoints in your business, there’s a higher risk of a breach.
Mobile device management, like Intune in Microsoft 365 can give you peace of mind that your devices are protected and up-to date with the latest software.
5.Do you provide regular adequate employee security training?
Cybersecurity is a problem that impacts every company, yet too many don’t take the time to train their employees and thus create an environment where users are not skilled in cybersecurity. Around 95% of cybersecurity breaches are caused by human error, so training is vital!
Training should happen throughout the year, not just on an annual or onboarding process. The more you keep IT Security front and centre of your employees’ minds the better they will be in following proper data handling procedures and identifying phishing attacks before they occur.
Some examples of ways of including cybersecurity training into your company’s culture include:
- Training videos
- Short webinars
- IT security posters
- Short team training sessions
- Company news articles containing cybersecurity tips
6. Do you know every device on your network?
We also need to consider devices that don’t look like a computer or a server, such as Mobile phones, streaming devices , CCTV , Smart TV’s, Door Access Control , and Wifi Speakers. Just because they do not look like a traditional computer, they could still be vulnerable. Your smart devices are only as secure as the network they are connected to. Change the default name and password on all of your devices. If possible, create separate networks for each of the types of device , and only have a completely separate network for your company laptops and desktops. Set up a firewall to restrict what and who can connect. Regularly check for and install firmware updates on all of your devices, including smart devices.
One Last thing – When was your last cybersecurity check- up?
Intruders are always looking for ways into your network, so why not make them work harder? Schedule a cybersecurity audit and uncover any vulnerabilities that may be lurking under the surface. This way you can protect yourself from cyber threats by fortifying these weak spots before they become an entryway into everything else. To arrange a review of your current Cyber Security position Book a 15 Minute Call Here