Ransomware and other malware continue to be existential threats for businesses of all sizes. Statistics on the number and cost of attacks vary widely, but breaches and attempted breaches continue to grow. Here’s a look at some common errors businesses make with their cyber defenses:
Weak passwords: We know how tired you are of hearing about password hygiene, but weak password policies continue to be a big problem. Your organization should require complex passwords and multi-factor authentication (MFA). And never use the same password for multiple sites.
Ignoring updates and patches: Your software vendors are working hard to help you keep one step ahead of hackers, but all that work is for nothing if you don’t keep your products up to date. Create and maintain a schedule for applying updates and patches, because outdated software is a favorite target for the bad guys.
Lack of training: Studies show that human error is by far the leading cause of breaches. Train your employees, conduct regular phishing tests, and remember that training is a process and not an event … schedule sessions regularly.
No backup plan: A current backup is vital in the event of a cyber incident, and also in the case of hardware failure or accidental data deletion. Most companies have a backup plan, but far fewer test those backups regularly to make sure everything is working as it should.
Inadequate access controls: Giving employees wider system access than necessary opens the door to many problems, and shared access makes accountability and tracking impossible. Learn about the principle of least privilege and apply it to your organization.
Lack of remote work practices: When employees work remotely, you have no control over the security of their home networks or personal devices. Create policies around secure connections and device encryption, and enforce those policies.
Untested vendors: Digital connections to third-party vendors save time and streamline ordering processes. They also create new potential points of entry into your networks. Make sure your vendors meet current cybersecurity standards, and insist on regular reviews.
Neglecting insider threats: Many organizations focus exclusively on external threats, but insiders can cause just as much damage or more, whether accidentally or through the intentional efforts of a disgruntled employee. Monitoring tools and regular audits can help you keep an eye on the store.
No response plan: Even if you’re doing all these things correctly, bad things can still happen, and many businesses never recover from such incidents. An incident response plan can save time and limit damage. Create one and test it thoroughly.
Assuming “It can’t happen to us:” Many small and midsize businesses believe that hackers go after only the big organizations that make headlines when they’re breached. In fact, the opposite is true. Just as a burglar looks for the unlocked door, hackers seek the easiest targets, and that’s often the smaller organization with fewer cyber defense tools at its disposal.
There is no bulletproof plan for perfect cybersecurity, but attention paid to these principles will make your business a harder target, and one that’s less appealing to hackers.
Questions about cybersecurity for your business? Contact Hill Tech Solutions.
