Cyberthreats are becoming more dangerous every year. Cybercriminals are not only becoming more successful at stealing the data of large companies but also those of small- to medium-sized businesses (SMBs) because of their security negligence.
But while those threats are imminent, we at USWired believe that it's never too late to start protecting your businesses from threats such as malware, phishing, and denial-of-service (DoS) attacks.
Let’s take a look at some of the top cybersecurity mistakes that your business should avoid:
#1. Thinking that you are not a target
Thinking that your small business won’t ever become a target of cybercriminals is one of the biggest cybersecurity myths. In fact, small businesses are more vulnerable than ever when it comes to cyberattacks. According to insurance carrier Hiscox, organizations of all sizes lose $200,000 on average after suffering a cyberattack. To make things worse, 60% go out of business within six months.
Cybercriminals are taking advantage of the negligence of SMBs: they are aware that SMBs do not spend a lot of money on cybersecurity, making these organizations an easy target. In the future, cyberthreats will become more clever and dangerous, so it’s best for SMBs to invest in proper cybersecurity solutions now to protect their data.
#2. Failing to patch your software
Every software is written with code, and more often than not, you can find a flaw in its programming that leaves a vulnerability that cybercriminals can take advantage of. Hackers are targeting these with the goal of stealing personal and financial information from businesses and using the stolen data for their own gain.
This is why having a patching plan is important. Software makers are constantly plugging security holes found in their programs. This involves maintaining available security patches, choosing the appropriate updates, and ensuring proper installation. Not only does this prevent hackers from gaining access to your data, but it is also required by cybersecurity regulations.
Your patching plan should also include your computers’ operating system (OS). However, we highly recommend upgrading from Windows 7, as support for the OS ceased on January 14, 2020 and there will be no more security patches available. Continuing to use the OS could make your organization vulnerable to cyberattacks.
#3. Using weak passwords
Weak passwords are the main reason why many cybercriminals are able to steal data from businesses. And it seems that many people still haven’t learned the importance of coming up with secure passwords. According to password manager company NordPass, the top worst passwords of 2019 include “12345,” “test1,” “password,” “qwerty,” and “iloveyou,” which are similar to the ones listed in 2018.
Many still use these passwords because they are easier to remember compared to random strings of text containing letters and numbers. Many users also think they have nothing to hide. This is a dangerous mindset, however, especially for businesses. Once an employee’s corporate account has been compromised, it can easily be used for data theft.
Passphrases can help users come up with secure but easy to remember passwords. For instance, a passphrase like “correcthorsebatterystaple” is hard for hackers to guess because of its randomness, but can still be recalled easily, compared to a password like “Tr0ub4dor&3,” which contains numbers and letters.
It’s also helpful to implement multifactor authentication (MFA). MFA uses more than one way to verify a user’s identity, such as a one-time smartphone code, fingerprint, or facial scan. Even if cybercriminals acquire a user’s login credentials, they won’t be able to access the account without fulfilling the subsequent security measures.
#4. Not regulating personal mobile devices at work
Using personal mobile devices such as laptops, smartphones, and tablets at work has made many people become more productive because of their familiarity, compared to using company-provided devices that are configured more securely. However, by not regulating them, you can be exposing your business to cyberthreats.
For example, if one of your employees unknowingly connects a virus-infected laptop to your office network, the malware can spread to other computers in your network and steal your sensitive data, eventually causing downtime.
Mobile device management (MDM) can be implemented in businesses to mitigate the risks that come with mobile devices. This typically involves monitoring, managing, and securing employees’ mobile devices that are deployed across multiple service providers.
An effective MDM should include data access control and acceptable use policies, mobile device inventory management, and security features such as the ability to remotely wipe devices in case they are lost or stolen, and to detect jailbroken or rooted handsets. MDM software can even provide remote patches and software distribution, so a device will always stay protected.
#5. Excessive access privileges
One of the biggest mistakes businesses commit is giving excessive data access privileges to their employees. For instance, if someone from the marketing department stumbles across a confidential file from the finance department, they can easily copy the file and leak it to the public. Another employee can also modify the contents of a certain file that they should not have access to so they can sabotage the company’s reputation among its workforce and other clients.
To mitigate this possibility, ensure employees only have access to the documents and programs necessary to their work. This way, they cannot access other files that can cause a data breach. This can also help contain attacks on your systems. You can also use access management solutions such as Microsoft’s Azure Information Protection (AIP) to augment existing systems. AIP helps you classify data based on sensitivity, and add visibility and control permissions, ensuring that employees can only access the files and applications they need for their work.
Your business can’t afford to make these cybersecurity mistakes. That’s where USWired can help. Our comprehensive network security service provides data center security, advanced threat protection, and efficient mobility and endpoint solutions. All your bases are covered 24/7/365 without spending a fortune. Contact us today to get started.
