Cyber crime is something that impacts on businesses large and small, as well as individuals. Trying to fight cyber crime is a continuous battle – as cyber criminals get smarter and more sophisticated, the cyber security measures you put in place need to keep pace.
In a 2018 report by Juniper, they reported that the number of breaches records will triple by 2023 with over 33 billion records stolen by cyber criminals in 2023. This is a huge jump from the estimated 12 billion records in 2018 and shows that companies still have a long way to go in adequately protecting their data.
Small businesses continue to remain vulnerable to cyber-attacks, many using consumer-grade products to protect their business assets. As newer forms of malware are released, more advanced cyber security protection is needed to combat the threats posed.
NEC New Zealand partners with strategic vendors to provide best-in-class cyber security solutions to our customers. We work with companies large and small to provide next-generation security platforms, enabling protection against advanced cyber security threats.
We work closely with our customers to create a bespoke strategy that focusses on threats that are both generic and specific to that particular business. There are of course things that you can be doing to help mitigate against cyber security threats. Here are nine of the most common mistakes to avoid with cyber security:
1. Assuming you’re not a target/thinking it won’t happen to you
One of the biggest mistakes made by businesses is to assume that you won’t be the target of a cyber-attack. Here at NEC, we work on the assumption that every business will be attacked at some point. That enables us to prepare that business for the eventuality and ensure they are prepared to deal with the attack.
This is more common with SMBs who think that they are too small or insignificant to be targeted by cyber criminals. The fact is, if your business has an online presence, you are at risk and should adopt cyber security as a business strategy to protect both your stored data and your online resources.
Solution – every business should be investing in cyber security. Work with an expert in cyber security to assess your potential threats and identify vulnerabilities. Then put in place the platforms and processes to deal with the threats that are most relevant to your business.
2. Treating Cyber Security as an IT-only issue
Many businesses adopt the attitude that the IT department own cyber security so if there any issues, ‘speak to IT’. Whilst technology is part of the solution, cyber security requires a holistic approach which includes strategy, policy and process.
Everyone in the company is responsible for cyber security. Having a robust education plan in place to inform staff about threats and keep them up to date with the latest scams can help to prevent cyber security issues before they can get started.
Solution – it’s important to get buy in from the very top of your organisation and ensuring they are carrying out best practice when it comes to cyber security. Regular training sessions, communications and simulations can help to ensure cyber security remains front of mind.
3. Not keeping your network and applications up to date
It’s important to understand that it is virtually impossible to prevent every cyber-attack. The size of your network is just too vast, presenting too many opportunities to ‘get in’. A key part of dealing with any cyber-attack is to understand the architecture of your network and the entry points. Understanding and quickly identifying where an attack was started will help to quickly shut down the threat and put in steps to combat this in the future.
Solution – it’s important to map out the architecture of your network, understanding where critical data is stored and how best to protect it. Mapping out your entire network should be done as a matter of urgency as it will make cyber-attack resolution much easier down the line.
4. Relying solely on anti-virus technologies
Anti-virus is the most common thing that people think of when they are considering cyber security, however anti-virus is only a very small part of the jigsaw when it comes to preventing cyber-attacks. Many cyber attacks now employ malware-free intrusion tactics which means you can no longer rely solely on security at the perimeter to keep attackers out.
Many smaller businesses also utilise consumer-grade anti-virus and whilst this might help in stopping run-of-the-mill malware, it is no match for more advanced adversaries who will deploy sophisticated way of stealthily accessing your system.
Solution – you should continue to use anti-virus software as part of your cyber security solution, however ensuring that it is a) sufficient for the size of your business and b) kept up to date at all times is crucial. Speak to a cyber security expert and find out how to pair anti-virus software with other cyber security measures to keep your business protected.
5. Not monitoring enterprise endpoints
Supporting the point that anti-virus is not the only part of the puzzle, considering and monitoring your endpoints is a crucial part of keeping your network secure. If intruders get beyond your anti-virus (perimeter) then they can roam about quite freely and undetected in your system if anti-virus is your only means of cyber security.
Understanding your system’s endpoints and monitoring these allows you to quickly detect these intrusions and deal with them effectively.
Solution – endpoint monitoring should be a key part of your cyber security jigsaw and these should be monitored constantly. This enables you to take a proactive rather than reactive approach to your cyber security.
6. Ignoring the basics
One thing that many businesses focus on is the latest developments in cyber-crime – what are the newest threats and how to combat them. What often get overlooked, however, are the basic cyber security threats – insecure passwords, email phishing scams and remote access to wi-fi networks.
In 2018, Avanan reported that for every 99 emails sent, 1 was a phishing scam. This has been increasing in 2019 and to date, there has been a 65% growth in the number of phishing attempt according to Retruster. Despite this rise in phishing attacks, many companies ignore the threat when a simple education programme would help to reduce the impact of phishing attacks.
Solution – as part of your cyber security policy and procedures, education around these basic cyber attacks should be prioritised. Regular training sessions, identifying new threats, should be scheduled and attendance should be compulsory for all staff. User access management is another way of ensuring that staff only have access to the bare minimum requirements to carry out their role, limiting the amount of access points for potential threats.
7. Poor password management
It seems strange to still be talking about poor password management as we enter 2020, however, for many businesses, password management still presents a very real cyber security threat. Weak passwords are still prevalent and are one of the leading reasons for a variety of cyber-crimes, including brute force attacks. In 2018, Magento users fell victim of a brute force attack, with over 1,000 user accounts compromised due to weak user passwords.
Solution – as part of your cyber security policy, enforce the use of complex passwords that include alphanumeric and special characters. You can also enable two-factor authentication where a security code can be sent to a linked phone to help improve the security levels, especially for those with access to sensitive data. Finally, you can also implement a strategy where passwords are periodically updated, and users are sent reminders to update their passwords.
8. Unsecure Wi-Fi usage and third-party apps
The advancement in mobile technology has undoubtedly enabled businesses to operate more flexibly and more efficiently. With the increased use of BYOD in the workplace, however, comes new cyber security threats. As people are always on the move, using work devices, which often contain sensitive data, connecting to unsecured Wi-Fi in airports, hotels and cafes pose a very real threat to that data. The same applies to people who connect to charging stations at airports and train stations.
Another issue with BYOD is the use of third-party apps on those devices and how this can be controlled. Many people mix work and leisure when it comes to apps on phones, often paying little attention to the access they are granting apps when they download them. This can lead to security breaches as hackers target unsecured third-party apps as a gateway to accessing other secure apps on your device.
Solution – your cyber security policy must cover off the use of Wi-Fi and the downloading of third-party applications. Restricting the use of public Wi-Fi for carrying out sensitive tasks like making online payments or file sharing is a good way of mitigating against potential threats. You can also use a VPN (Virtual Private Network) when accessing from a public place which will help to keep your online activities secure.
9. Not testing
Putting in place policies and processes is great, however without adequate testing, you will never be sure if the strategies you have implemented will actually work should you come under attack. That’s why regular testing should be a part of your policy, testing in a real-life situation and monitoring the outcomes so you can refine your cyber security strategy and ensure that when an actual threat is detected, everyone knows what they should do and who they should contact. An incident response plan should be part of your cyber security documentation and this should be followed during the testing process.
Solution – make robust testing part of your cyber security policy and ensure tests are carried out to recreate real-life situations. That’s the only way to make sure people understand the process and the steps involved.
Summary
Cyber security threats continue to grow and whilst cyber security technology is also advancing, it’s important for businesses large and small to put in place policies and processes that help to mitigate against cyber security threats. As we enter 2020, avoiding the nine mistakes above will go a long way to helping you and your business mitigate against cyber security threats and keep your data secure.
With so many threats out there, it is essential to learn how to protect yourself from cyber security breaches. Not everyone can be security experts but it’s important to be aware of the risk of cyber attacks. Reaching out to companies like NEC who have experts and global knowledge to help the fight against cyber threats reduces the risk of breaches.