One of the big findings in the Sophos 2021 Threat Report was that the lack of attention to basic cybersecurity best practices is at the heart of many of the most damaging attacks that companies saw last year. 

Many small businesses don’t take their IT security as seriously as they should and expect software like antivirus to do all of the heavy lifting. However, keeping your network and endpoints secure from multiple threats takes vigilance and adherence to cybersecurity best practices.

The average cost of a cyberattack for a small business is over $25,000. Most of that cost comes from business downtime and doesn’t factor in the cost of customers that may lose faith that your company can safely protect their data.

Is your company making any of these common IT security mistakes?

Not Using Multi-Factor Authentication

Credential theft has skyrocketed since most company data is now being stored in the cloud. Many businesses still have a problem with password security and suffer from employees using weak passwords and reusing passwords.

Multi-factor authentication (MFA) is one of the best defenses that you can put in place to prevent an account compromise. It is 99.9% effective at stopping fraudulent sign-in attempts.

Lack of Endpoint Monitoring & Management

Long gone are the days when all company devices would be locked in the same building and only used during business hours. Employees work remotely, work while traveling and work from multiple devices (laptops, desktops, tablets, smartphones, etc.).

It is vital to have visibility into how those devices are accessing your business resources as well as have the ability to manage security policies consistently.

Many small businesses fail to put any type of endpoint device management in place and are much more vulnerable to an attack or data leakage from an unsecured device.

Failing to Test Backup Restoration

One of the reasons that so many companies end up paying the ransom in a ransomware attack is that they have not tested backup restoration. They are hit with an attack, need to get operations back up and running quickly, and are unsure how long recovery will take with the solution they have in place. They opt to pay the ransom, and that further fuels these kinds of attacks.

Approximately 56% of ransomware victims pay the ransom to the attackers.

Backing up your data is just the first step. It is also important to test your restoration capability and practice this regularly. This ensures that you land on a backup solution that has fast and complete restoration and that your team knows the proper steps to take in the event of a data loss incident. 
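A restore drill of the kind described above, as an added example that is not part of the original article: it restores a backup archive into a scratch directory, times the restore, and compares every file against a checksum manifest recorded at backup time. The tar.gz format, the function names, the 60-second limit and the sample files are assumptions made for illustration.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

def sha256_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_drill(archive, manifest, max_seconds):
    """Restore into a scratch directory, time it, and compare against the manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        base = Path(scratch).resolve()
        start = time.monotonic()
        with tarfile.open(archive) as tar:
            for member in tar:
                target = (base / member.name).resolve()
                # Restore regular files only, and never outside the scratch directory.
                if not member.isfile() or base not in target.parents:
                    continue
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(tar.extractfile(member).read())
        elapsed = time.monotonic() - start
        restored = sha256_tree(base)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"seconds": elapsed, "missing": missing, "corrupt": corrupt,
            "passed": not missing and not corrupt and elapsed <= max_seconds}

def demo():
    """Constructed sample: one good backup and one that silently lost a folder."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,250\n")
        (src / "customers.txt").write_text("constructed sample record\n")
        manifest = sha256_tree(src)  # recorded at backup time
        good, bad = work / "good.tar.gz", work / "bad.tar.gz"
        with tarfile.open(good, "w:gz") as tar:
            tar.add(src, arcname=".")
        with tarfile.open(bad, "w:gz") as tar:  # backup job that skipped a folder
            tar.add(src / "customers.txt", arcname="customers.txt")
        return restore_drill(good, manifest, 60), restore_drill(bad, manifest, 60)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second result fails the drill because `finance/ledger.csv` never made it into the backup, which is the kind of gap that otherwise surfaces only during a real incident.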

Not Having Update Management in Place 

A majority of cyberattacks are enabled by unpatched system vulnerabilities. Users tend to put off updating their devices because they don’t want to interrupt what they’re doing. Businesses end up paying the price when an avoidable data breach happens because a security patch was not applied.

It is important to have automated update management in place that keeps all user devices current with the latest updates for software, firmware and operating system.

Keeping Cloud Platform Security Settings at the Default

Misconfiguration of cloud security settings leads to cloud account breaches. Many SaaS tools have several security features. However, these are not all turned on by default.

It’s up to the company to use the tools provided and configure them properly to ensure their data and accounts are protected.

One example of this is multi-factor authentication. Most cloud platforms will have this. It needs to be turned on by the company to be put into effect for its account users.

Not Having a Cloud Use Policy for Employees

During the pandemic, the problem with unauthorized application use got larger than it already was. When employees use cloud applications for their work without permission, it can leave business data vulnerable for several reasons.

Unauthorized app use can lead to:

  • Data being unprotected by a backup
  • Use of an app that does not meet compliance requirements that the company must adhere to
  • Data being lost because an employee quits and no one has access to an app they were using

A cloud use policy spells out the approved applications that employees can use for business tasks and restricts the ability to use apps that haven’t been approved. This helps keep cloud security and cloud spending under control.

Having Too Many Privileged Accounts Hurts Your Cybersecurity Plan

Privileged accounts (ones that have administrative access) are a goldmine for hackers. They allow them to do things like add and remove users and change system security settings.

Too many employees with privileged accounts leaves your data at higher risk. It’s best to follow the “rule of least privilege,” which states that employees should have the lowest level of privilege in a system needed to do their daily tasks.

Get a Cybersecurity Audit to Start the New Year More Protected

Sound Computers can help your Connecticut business start 2022 with better cybersecurity and a lower risk of a breach.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

January 18, 2022
Sound Computers Admin