Three Common Mistakes Businesses Make When It Comes to Cyber Security
March 24th, 2021 by William Wentowski
Cyber crime continues to increase in frequency and has become a growing concern for businesses everywhere. While this has lead to increased adoption of cyber security solutions, the rate of cyber crime has not slowed down. Why do businesses keep falling victim to these attacks despite using better technology that’s designed to stop them from happening in the first place? We can tell you exactly why it happens, because they keep making the same mistakes over and over again.
What Businesses Do That Puts Them at Risk of Being the Victim of Cyber Crime
We’ve see the same preventable issues show up repeatedly at different businesses over the years. Issues that slip through the cracks of a cyber security plan and lead to phishing scams, malware, ransomware, and/or data breaches. While there’s always room for improvement, we find these three common mistakes to be the most prevalent:
Lack of Employee Training
Your defense is only as strong as its weakest link, and more often than not that tends to be your employees. How strong your firewall is or how "managed" your security is doesn’t matter; one slip is all it takes. If the person in charge of the front desk clicks the wrong link your system may become compromised. That's why it’s so important to invest the time and money to provide the proper training for your staff. Your first line of defense is a well-trained employee who can recognize a potential threat in their inbox.
Proper Credential Management
I'm sure everyone reading this has heard somewhere of a high-profile business getting hacked because their username was Admin, and their password was 1234. We can tell you that it's not a joke, and it happens more often than it should. Even worse, some businesses don't change login information when they remove employees or acquire another company. We can't stress enough that you need to manage your credentials properly to minimize risk. You have to update passwords, use two-factor authentication, and delete logins for people no longer at the company. It doesn't take a genius hacker to steal a company’s data when their password is quite literally “password”.
Over Reliance on Insurance
If you read mistakes 1 and 2 only to think, "That sounds overly expensive or time-consuming, and in the worst-case scenario my insurance will cover the damages if I get attacked," then congratulations, you made mistake number 3. There seems to be a common train of thought that insurance works just fine as the only plan of action for cyber security. Of course, this neglects one little detail - insurance companies will avoid paying if at all possible. Here are a few examples of what most insurance providers will not cover or use as a reason to avoid paying all together:
- Attacks from nation-states, i.e. any hacking from out of the country
- Negligence, such as our previous two points
- Your security provider didn't take the basic steps necessary for coverage
- Wiring money into outside accounts
- Property damage or hardware replacement
- Coverage of third-party services such as e-mail, cloud, and web hosting
- Ultimately, even if the claim is covered there are still other problems insurance is unable to solve: damage to your reputation, potential costs of lawsuits, and losses incurred due to downtime.
When it comes to cyber security, preventative measures taken beforehand are almost always less expensive than dealing with the aftermath of a breach. Good cyber security requires strong support from both the technological and management sides of the equation, and no other company understands this better than BTS. Our own William Wentowski gave a presentation on this very subject for the Shade Valley Rotary Club. If you think we don't know what we are talking about, the responses to the presentation speak for themselves:
"Thank you again for a very illuminating talk about cyber security, I have to complete several hours of PCI training each year, and I still learned a lot in your presentation" - Presentation Attendee
Find out what else your business might be doing that is jeopardizing your cyber security, contact the experts at BTS today.
Posted in: Cyber Security