Did you know that most data breaches aren’t the result of some big hack by clever criminals? They’re the result of businesses lacking basic cybersecurity best practices.
In the Sophos 2021 Threat Report, which looks at breaches around the world in the last year, it was found that many of the most damaging breaches happened because IT security was lacking.
The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
When you follow the basics of cybersecurity, you can significantly reduce your risk of falling victim to a costly attack. But it takes being vigilant and understanding where you may be making important mistakes that leave you as a sitting duck for hackers.
Are you making one of these common cybersecurity mistakes?
Thinking You’re Too Small to Be Targeted
Small business owners can get into the habit of thinking they’re too small for hackers to worry about, and as a result not put strong enough IT security in place.
But to a hacker, any size company is big enough to be a victim. Small businesses are actually “low-hanging fruit” when it comes to the ease of breaching a network, specifically because they tend to have less security.
They also have just as much valuable information hackers can use to make money as larger companies, such as employee payroll records, customer records, and any kind of data that can be encrypted and held for ransom in a ransomware attack.
43% of all data breaches involve small and mid-sized businesses, and 83% of SMBs are not financially prepared to recover from a cyberattack.
Not Testing Restoration of Your Backups
Companies of all sizes get caught making this next mistake. Businesses spend time and money putting a backup system in place, but then never test the restoration process.
This has caused companies like Colonial Pipeline, which suffered a major ransomware attack last year, to pay a multi-million-dollar ransom even though they had a backup. They hadn’t tested the backup restoration, so they were unsure how long it would take and thought paying off the attackers would restore operations faster.
It’s important to regularly test your backup restoration process so you can ensure that you have a system with adequate restoration speed and get your team familiar with executing the process.
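A minimal restore drill for the point above, as an added example that is not part of the original article: it restores a backup into a scratch directory, checks every file against a SHA-256 manifest, and times the restore against a target. The tar.gz format, the manifest, the sample files and the 60-second target are assumptions made for illustration.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(src, archive):
    """Archive every file under src; return a manifest {relative name: sha256}."""
    src = Path(src)
    manifest = {p.relative_to(src).as_posix(): sha256(p)
                for p in sorted(src.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w:gz") as tar:
        for name in manifest:
            tar.add(src / name, arcname=name)
    return manifest

def restore_drill(archive, manifest, rto_seconds):
    """Restore into a scratch directory, verify each file, and time the restore."""
    with tempfile.TemporaryDirectory() as scratch:
        start = time.monotonic()
        with tarfile.open(archive, "r:gz") as tar:
            # Use the safe "data" extraction filter where this Python provides it.
            opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **opts)
        elapsed = time.monotonic() - start
        root = Path(scratch)
        missing = [n for n in manifest if not (root / n).is_file()]
        corrupt = [n for n, digest in manifest.items()
                   if n not in missing and sha256(root / n) != digest]
    passed = not missing and not corrupt and elapsed <= rto_seconds
    return {"elapsed": elapsed, "missing": missing, "corrupt": corrupt, "passed": passed}

def demo():
    """Constructed sample data: back up two small files, then run the drill."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "hr").mkdir(parents=True)
        (src / "hr" / "payroll.csv").write_text("name,amount\nexample,100\n")
        (src / "customers.csv").write_text("id,name\n1,Example Co\n")
        archive = Path(work, "backup.tar.gz")
        manifest = make_backup(src, archive)
        good = restore_drill(archive, manifest, rto_seconds=60)
        # Simulate a file the backup job silently skipped: it is listed as
        # something that should be protected but is not in the archive.
        expected = {**manifest, "hr/benefits.csv": "0" * 64}
        bad = restore_drill(archive, expected, rto_seconds=60)
    return good, bad

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run on a schedule against a real backup, the elapsed time gives a measured restoration speed, and any entry under missing or corrupt shows the backup would not have brought everything back.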
Not Keeping Accounts Protected With Multi-Factor Authentication
Cloud accounts are the new holy grail for hackers, and user credentials are the best way to break into them. Most SaaS providers have stringent security safeguards that are not easy to hack. With a user’s password, the attacker doesn’t need to hack anything, because access comes through a legitimate login.
In 2020, there was a 630% increase in attacks on cloud accounts, and credential compromise is now the #1 cause of data breaches globally. Yet despite the increased risk, many businesses still aren’t using multi-factor authentication (MFA) to protect their accounts.
Requiring a time-sensitive code at login as an additional step significantly increases your cloud account protection. According to Microsoft, MFA can block 99.9% of fraudulent login attempts.
Lack of Any Password Security Enforcement
You can tell employees to make strong passwords, not reuse passwords, and not to share passwords, but if you don’t enforce those policies, you’ll likely end up with weak passwords being used that leave your company at risk.
Employees have as many as 100 passwords to juggle on average for various work and personal accounts, so poor password habits are all too common.
Some password security enforcement measures you can put in place include:
- Setting account security to reject passwords shorter than 10 characters
- Setting account security to require at least one number and special character in a password
- Using a business password manager so employees don’t have to remember all those strong passwords; they only have to remember one
Not Having Annual IT Security Audits
The cybersecurity landscape evolves rapidly as hackers seek out new forms of attack. The cycle usually goes that hackers use an attack method until cybersecurity professionals and companies begin developing policies to stop it. Then, they try something new that exploits an unprotected area.
Even if you feel you have strong IT security in place, you should get an annual audit. IT professionals stay informed of the latest attack trends and will be able to uncover any new areas of vulnerability so you can address those before a hacker can exploit them.
Start 2022 Right With a Cybersecurity Audit
Start the year more secure and protected by scheduling a cybersecurity audit. Carl’s Computer Care can review your Louisiana company’s current safeguards and make recommendations for any risk areas.
Contact us today to schedule a consultation! Call 225-315-3498 or reach us online.