It’s often a simple lack of good cybersecurity that is the culprit behind devastating data breaches.
For example, in the case of the ransomware attack on Colonial Pipeline last year, it wasn’t an elaborate attack from the outside that successfully took the company down for nearly a week; it was a mistake.
The company had left an unused VPN account open, and that account wasn’t protected with multi-factor authentication. The attackers simply compromised that account’s password and used it to launch their malware attack.
Is your Charlotte area business making some common cybersecurity mistakes that are leaving your business at risk for a costly attack?
Here are several IT security mistakes you should correct if your company is making them.
Not Being Serious About Password Management
The main cause of data breaches isn’t organized brute-force attacks; it’s compromised passwords. Insider attacks through stolen or breached credentials are the top factor in data breaches globally.
A big mistake companies make is to leave password management up to each employee. They may recommend that employees make passwords long and include a number and special character, but no password security is actually enforced.
Employees can have as many as 100 passwords to manage these days, which can’t be done without some help. One of the best ways to improve your cybersecurity is by implementing password security, such as using a password manager or single sign-on solution with MFA.
Neglecting to Keep All Devices Used for Work Regularly Updated
Most incidents of ransomware and malware infection are the result of a hacker exploiting an unpatched software or operating system (OS) vulnerability. These are flaws in code that allow a hacker to breach a system. The software vendor has already addressed them, but the user never applied the update.
You can’t rely on employees to keep their own devices updated regularly. People get busy and don’t want to interrupt their work to install an update. Some users might be afraid that an update will “mess something up,” so they purposely ignore it.
This leaves a company at higher risk of an account breach that can quickly spread from one device to another. The best way to ensure all security patches for vulnerabilities are installed promptly is to put all employee devices on a managed IT services plan.
Hoping for the Best as Your Remote Worker Security Plan
The remote worker has gone from an anomaly to the norm in offices around the world thanks to the pandemic. Many companies plan to keep remote and hybrid workforces in place.
But a big mistake that’s causing companies to become victims of cyberattacks is that they don’t include remote user devices in any type of security plan, and instead just hope for the best.
It’s time to stop thinking of “the office” as a single building and instead understand that your company network now extends to the homes of any employees who access work applications and data from home.
This part of your network needs to be just as secure as the part used by people working in your headquarters.
Not Using Multi-Factor Authentication With All Cloud Accounts
There is no longer a good excuse not to protect all cloud accounts with multi-factor authentication. Adding this additional step to user authentication has been proven to reduce the risk of an account takeover by 99.9%.
Yet, as effective as it is, many business owners don’t have it in use on all their user accounts. They may be afraid of it hurting productivity or getting user pushback because employees think it’s inconvenient.
43% of companies globally don’t use the vital account protection of MFA.
With single sign-on (SSO) solutions available that reduce the time it takes users to access their accounts, companies can implement MFA without worrying about productivity.
Not Paying Attention to Rogue Cloud Use in Your Company
A mistake that has become more impactful since the move to remote teams is failing to pay attention to cloud use in the organization.
Employees, especially those working from home, can innocently begin using a cloud application to facilitate their workflow without getting it approved first. The company may not even realize they’re using it.
This leaves data at risk and can cause a data privacy compliance violation. It also leads to a more fragmented cloud environment, despite any integration efforts you may have made.
It’s important to put a cloud use policy in place that tells your team which apps they can use and how to submit apps they’d like to use for approval.
Start 2022 Off Better Protected With a Cybersecurity Checkup
Rocky Knoll Technologies can conduct a cybersecurity checkup for your Charlotte area business to identify any areas of vulnerability and provide smart solutions to safeguard your network and data.
Schedule a consultation by calling 704.594.7292 or reach us online.