The latest Cyber Crime Statistics show that the estimated cost of Cyber Crime to the UK economy is a staggering £27 billion per annum. £21 billion of that is the economic cost to businesses.
The costs of falling victim to a cyberattack can include loss of business, productivity losses, reparation costs for customers that have had data stolen, and more. Sixty percent of small and mid-sized companies close within six months of a data breach due to the cost of the breach.
This article will outline five cyber security mistakes that you can prevent really easily, and why they matter:
5 Cyber Security Mistakes That Are Easily Preventable
Here are the five most common mistakes in basic IT security practice:
1. Not implementing multi-factor authentication (MFA)
Not protecting your user logins with multi-factor authentication (MFA) is a common mistake that puts organisations at a much higher risk of security breaches.
According to IGM Security, credential theft has become the top cause of data breaches worldwide. As most organisations now rely on cloud-based processes and data, login credentials play a pivotal role in various network attacks.
Microsoft advises that just by implementing MFA, you can reduce fraudulent sign-in attempts by a whopping 99.9%.
2. Not being aware of the use of Shadow IT
Shadow IT is when employees use applications that the company hasn’t approved.
The use of Shadow IT exposes organisations to risk for several reasons:
- A non-secure application may utilise the internal data.
- Organisational backup strategies do not include the data.
- If the employee resigns, the data might get lost.
- The app being used may not meet company compliance requirements.
Employees frequently start using apps independently as they attempt to address gaps in their workflow, unaware of the risks associated with using an app that their organisation’s IT team hasn’t vetted.
It’s essential to have cloud-use policies that clearly explain the applications that can and cannot be used for work.
3. Using only an antivirus application
No matter how small your business, a simple antivirus application is not enough to protect you.
Many of today’s threats don’t use a malicious file at all.
Phishing emails contain commands that are sent to legitimate PC systems without being flagged as viruses or malware. Phishing also often uses links rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.
You need to have a multi-layered strategy in place that includes tools like:
- Next-gen anti-malware (uses AI and machine learning)
- Next-gen firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
4. Not having device management in place
After the pandemic, most organisations around the world have required employees to work remotely from home, but they haven’t always implemented device management for remote employee devices.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.
If you don’t have one already, then it’s time to implement a device management application such as Intune in Microsoft 365.
5. Not providing adequate IT security training
Human error is responsible for an astonishing 95% of cybersecurity breaches, but unfortunately, too many organisations don’t take the time to train their employees in solid cybersecurity practices regularly. In turn, users haven’t developed the skills needed for a culture of good cybersecurity.
Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.
Some ways to infuse cybersecurity training into your organisation’s culture include:
- Short training videos
- IT security posters
- Team training sessions
- Cybersecurity tips in company newsletters
Next steps for building more effective IT security
As cybersecurity risks grow, it’s important to employ effective security tools and practices and update them as necessary. Otherwise, your company might create preventable vulnerabilities and expose itself to unnecessary risks.
Some common cybersecurity mistakes include:
- Not implementing multi-factor authentication
- Ignoring the use of Shadow IT
- Using only an antivirus application
- Not having device management in place
- Not providing adequate IT security training
Are you unsure of your organisation’s email security tools or practices? The first step is to speak to your IT provider or internal IT team.
If you don’t currently have security tools or practices, your IT provider or team can help you find solutions that will meet your security needs.
If your IT provider or team lacks knowledge of your system usage, does not promote its use, or refuses to adopt proper security practices outlined by a security framework, it might be necessary to reassess your partnership.
Time for a new provider? Why not schedule a chat to see how we can help improve your security.