A new decade means a new whirlwind of security advancements and cyberattacks. In order to adapt to these new challenges, businesses need to leave behind outdated and common mistakes in 2020. Here are eight security mistakes to avoid making this year.
1. Denying Your Business as a Possible Target
The mentality that a cybercrime won’t happen to you is not only outdated, but this oblivious thinking can endanger company and employee privacy, eventually corrupting your organization. Cyberattacks can happen to any business at any time, no matter the size. In fact, 81% of all cyberattacks happen to small and medium-sized businesses. This is primarily due to the lack of cloud solutions and cybersecurity cultures.
Larger companies and franchises, however, can also make this mistake by thinking that they are secure enough. Most have invested in cloud solutions like Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS), but they might not keep up with hacking trends, causing their cybersecurity to suffer. Last year, Google revealed that 33.3% of employees claimed that they never received cybersecurity training. Always be prepared for any type of malicious activity because yes, it will happen to you if you aren’t proactive.
2. Ignoring Computer & Software Updates
It’s easy and tempting to ignore computer and software updates, but those pesky and irritating reminders could be your saving grace for business protection in the long run. This is because these updates fill in security gaps where your system might have vulnerabilities. Think of a security gap like a cut or a scrape and a software or computer update as the medicine. The longer you wait to update, the higher the chance of a vulnerability being exposed or exploited by a cyberattack.
Failure to update your programs means that a cyberattack, if you face one, is more likely to spread, possibly shutting down your devices and damaging your company’s operations. While system updates might seem like an inconvenience initially, neglecting these reminders will put your organization at risk, with potentially detrimental consequences. Fortunately, most software updates automatically, but it’s never a bad idea to double-check that everything is up to date.
3. Underestimating Cybersecurity Services
Underestimating cybersecurity services goes hand in hand with denying that your business is at risk for a cyberattack. If you’re in denial about being at risk, then you’re less likely to invest in the services that will protect your company. This might be the most dangerous territory of all because cloud security is one of the smartest business investments, as it has a 99.99% protection guarantee. Back in 2019, the City of Baltimore suffered $18.2 million in damages after a ransomware attack crippled its servers. Not only did this attack result in costly repercussions, but the amount of downtime that the city experienced was exacerbated by its lack of investment in proactive data backup, disaster recovery and cybersecurity solutions.
You might not necessarily underestimate cybersecurity, but many businesses are reluctant to invest in cloud solutions due to a lack of understanding, so they don’t know what is right for their business models. Unfortunately, this means postponing their investment, leaving them open to cyberattack. Fortunately, Security as a Service (SECaaS) streamlines the cybersecurity process for organizations by allowing for simplified bundling of security solutions. Companies can invest in comprehensive cloud security solutions, including anti-virus, firewall, Security Information and Event Management (SIEM) and Intrusion Detection and Prevention. Allowing companies to invest in complete end-to-end security coverage takes the guesswork out of preparing for an attack and provides much-needed peace of mind.
4. Frequent Password Changes
This might come as a surprise, but frequent password updates can actually hurt your business. It’s an outdated security method that many companies continue to instill in their cybersecurity protocols. There are a few reasons why this is a mistake. For one, businesses tend to use the same password for multiple accounts, which is a huge red flag. Also, how users create their passwords is very predictable for hackers. People choose whatever is easiest to remember, which turns out to be shorter and much weaker passwords. When it’s time to reset them, users typically make small tweaks to their existing passwords rather than creating entirely new ones. All these factors increase vulnerability in company networks.
Frequent password updates are also time-consuming for security teams and lower company efficiency. Between 30% and 50% of all IT call requests are for password updates, while a single password reset for one employee costs $70 alone. The constant demand creates chaos, takes employees away from more important tasks and is usually money wasted.
Instead, use multi-factor authentication to add an extra layer of security to your employee passwords. This will increase the security of your company and reduce the likelihood of password theft. Stolen passwords can lead to data corruption and theft, so make sure to also use Backup and Disaster Recovery as a Service, powered by Veeam Cloud Backup and Disaster Recovery, so company information can easily be recovered.
5. Recycling Passwords
Recycling passwords goes hand in hand with frequent password changes because the more often you change your password, the likelier you are to choose something you’ve used in the past because it’s easier to remember. Fortunately, most systems recognize if a password has been used in the past and will require the user to create an entirely new one. At this point, you’re probably thinking that the advice on creating passwords seems contradictory. You don’t want to change your passwords that often, yet you also don’t want to recycle them. So, what are you supposed to do? In short, stay organized with password managers for safekeeping.
6. Connecting to Unsecured Wi-Fi
Unsecured Wi-Fi means that anyone within range can also connect to that network. As convenient and tempting as this might be, connecting to unsecured networks is the perfect gateway for hackers. Cyberattacks caused by unsecured networks include, but are not limited to, malware distribution, Man in the Middle (MITM) Attacks and Wi-Fi Honeypots, which are fake networks created by hackers. Your business network might be secure, but keep in mind the unsecured networks that your employees connect to on their personal devices. Even one instance can expose their personal information, login credentials and work emails, which puts your business in danger.
One way to avoid this is by establishing a cybersecurity culture in your business. Most of the time, people aren’t even aware that they’re doing something wrong when connecting to unsecured networks. This is because they lack proper training and cybersecurity knowledge. Additionally, require that employees use a Virtual Desktop to connect to the company network. By creating an extra layer of protection between the endpoint and the network, companies can ensure that if an endpoint is infected it cannot spread the infection to the network. Remember that 97% of attacks could have been prevented. Both proper cybersecurity training and cloud services fall under this number.
7. Neglecting Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a multi-step process that adds an extra security layer to your business’ password access. Along with traditional usernames and passwords, MFA requires an additional step to access accounts and endpoint devices. Accounts and devices without MFA are jackpots for cyberattacks because hackers have a much higher chance of cracking one password rather than multiple, which is why it’s best not to make this mistake in 2020.
8. Forgoing Email Security
Email is one of the most popular cyberattack platforms. In fact, 92% of malware is delivered by email, which is why failure to implement email security is a huge mistake and can be a detriment to your business. With cyberattacks like phishing and ransomware gaining more traction, spam filters aren’t always enough. Email security restricts specific emails from entering inboxes, flags suspicious links and attachments and can detect impersonations, reducing the likelihood of human error initiating an attack.
In many ways, cybersecurity is like health insurance. You pay for the protection of your health just like you do your business, but it’s easy to remain in denial thinking you won’t get sick and that your business is not prone to a cyberattack. This careless mentality creates a domino effect. One mistake leads to another, then suddenly, you’re hit with an unexpected emergency room visit that could have been paid for with an insurance investment, while your corporation is suffering catastrophic consequences because you failed to invest in cloud security. The main takeaway is that these mistakes might seem small and harmless, but constantly making them over time will ultimately jeopardize your business.