Another cybersecurity awareness month has come and gone. But that doesn’t mean you should stop thinking about the steps to protect your business.
We understand that cybersecurity is complicated and we want to help. Most cybersecurity experts agree that businesses usually make mistakes about the security of their data in five areas. These mistakes are commonly related to: passwords, software updates, antivirus, email security, and a lack of training. But the good news is that all these mistakes are reasonably simple to fix.
1. Passwords
Issue
First things first. Let’s talk about passwords. Weak passwords are a great opportunity for cyber criminals to strike. And how many of us are guilty of using a weak password or the same password for multiple accounts? According to HIPAA Journal, 1 in 5 users. And it only takes one to compromise the network security!
Fix
So what do we do?
- Create a strong password that is at least 12 characters long and includes uppercase and lowercase letters, numbers and symbols
- Do not reuse your password. Instead, create a unique password for each online account
- Use 2-step verification, when possible
- Don’t write your passwords down (on paper or electronically)
- Use a password manager
- Make a habit of updating passwords for your accounts
2. Email
Issue
According to ProofPoint, 88% of businesses worldwide were targets of email phishing attacks in 2019, and 55% of attempts were successful! Links, attachments, and data entry requests are the most common forms of phishing and may open the door to a breach that can delete or compromise your data or even disable your device.
Fix
How do we minimize the risk of falling victim to email phishing?
- Don’t open links or attachments sent by email from unknown senders
- If an email seems suspicious, contact the sender to confirm if they sent you that email
- Don’t respond to unsolicited emails
- Don’t share sensitive information such as credit card details or passwords
- Report any suspicious emails, links, requests for information, or attachments
3. Antivirus
Issue
It’s a common misunderstanding that you don’t need to do anything else once antivirus is installed. Like any other software, it requires maintenance and configuration. And in fact, antivirus alone is not enough to prevent an advanced attack.
Fix
So what steps do we need to take?
- Configure your antivirus (firewall, real-time scan, exceptions etc.)
- Like any other software, keep your antivirus updated to get the most protection out of it
- Make sure your subscription is active. Most protective features are not available with an expired antivirus subscription
- Remember that two antivirus programs are not better than one
- Create a well-rounded security practice beyond antivirus software by employing endpoint security management
4. Updates
Issue
When was the last time you updated your software? If you are still thinking about it, you might need to read this section. Neglecting updates for your Windows, macOS, or Linux operating system, your software, and your network lowers your protection and creates an opportunity for a security breach. New updates for your computers’ operating systems and the various programs you use often come with new protection against common cyber attacks. If you are behind on your updates, you may be at risk.
Fix
What can we do?
- Learn and understand how your network works
- Create a plan to keep all your software updated regularly and follow it
- Don’t postpone updates; treat them with a sense of urgency
5. Training
Issue
Do you train your staff in cybersecurity protocols? If not, you could be creating unnecessary risk for your data. Emily Swallow, the Account Director of NeoPR, says that around 70% of all security breaches result from internal user errors. 70%? That’s a high percentage of security breaches resulting from staff errors. For more information on who is responsible for maintaining cybersecurity, check out last year’s article Cybersecurity: Whose Job is it?
Fix
The obvious solution is to provide proper training to each staff member, regardless of their role. But how do you provide this training? It’s unlikely that having staff members watch a short cybersecurity video will provide the results you are hoping for. Yahoo created a training program for their employees that not only gave the information but also led to lasting results.
- Make the training engaging
- Make it consistent and continuous
- Use real-world examples
- Talk about good practices and the risks if they aren’t followed
We hope the solutions to these five costly cybersecurity mistakes prove helpful to you, your staff, and ultimately your business. For more information on what you can do to protect your business, check out our article How Cyber-Secure Is Your Business?
Which of the suggestions mentioned above will you implement in your business? Have solutions that aren’t listed here? Leave a comment below. We would love to hear from you!