A recent study initiated by Google over the past year exposed increasing threats from cyberattacks on BILLIONS of users. Are you certain your users are safe?
Google recently reported that billions of their users have been victims of cyberattacks: nearly 12.5 million were victims of phishing schemes, 750,000 of malware, and almost 2 billion accounts were hacked.
While these numbers may seem eye-opening, the stats are not surprising to many security firms. Today, I want to talk about 8 tactics your business security should adopt to avoid becoming a growing target in 2018.
Problem 1: Do not let users reuse passwords. One important point every security expert underscores is to avoid reusing passwords across multiple accounts.
Why is this a problem?
If a user were to use the same password for every account (including personal accounts), any breach of one account could compromise every other account they access with that password. This increases your risk of a network breach.
How to fix it?
Consider enforcing a password policy across your network that requires a unique password for each account. Make sure your users are not creating passwords that are predictable to crack, for example, ones that contain words, birthdates and names. Consider using encrypted password vaults, such as KeePass, to store account passwords. These applications give users an easy and secure means to store passwords.
Problem 2: Consider changing your password every month—The longer a password lingers unchanged on the network, the more likely it will get cracked.
Why is this a problem?
Hackers do attempt to crack passwords by trying all combinations of characters and numbers. If your password lies unchanged for years, you’re giving criminals a greater chance of actually cracking it!
How to fix it?
Consider instituting a password policy that requires users to update their passwords at a regular interval (most security standards recommend monthly password changes).
Problem 3: Avoid permitting personal email on business networks—Analyses of the most popular phishing kits (ways cybercriminals use email and other apps as a means to hack into networks) revealed that Yahoo, Hotmail and Gmail were the main targets, all of which are commonly used for personal email.
Why is this a problem?
If you are allowing your staff to access personal email on your network, you risk bringing in phishing and hacking vulnerabilities that your enterprise business email system would have blocked or flagged. By allowing users access to their personal accounts, you are opening a door to increased threats.
How to fix it?
Consider restricting email use on your network to your enterprise system that can be properly monitored. If users need to access personal email, consider restricting their access to personal devices that are permitted to only access a ‘guest’ network, if you permit personal devices to connect.
Problem 4: Avoid opening the door to bad Bring Your Own Device (BYOD) Policies—many businesses allow people to use personal devices—phones and tablets—in the workplace.
Why is this a problem?
The problem with BYOD is that users risk bringing vulnerabilities—including viruses and malware—from their un-monitored personal devices onto your business network.
How to fix it?
Consider instituting a BYOD policy that at the very least restricts device access to your business network. By creating a partitioned ‘guest’ network that gives devices access to wireless internet, you mitigate the risk of devices compromising network security.
Problem 5: Make sure your IT Support knows your enterprise—there are many industry-specific security risks and compliance needs that IT Support should be familiar with in your specific industry.
Why is this a problem?
Your business accesses, manipulates and transmits sensitive data in very specific ways. If your IT Support does not understand the intricacies of your business and compliance pressures, they will not be able to appropriately support your security needs.
How to fix it?
Ensure that your IT Support team intimately understands how your business works, has experience within your vertical or has appropriately trained their staff on your industry’s use of data and need for security. Your support team needs to understand how to appropriately mitigate risk in your business and prioritize what security issues should be top of mind.
Problem 6: Does your IT Support understand where your security gaps lie—IT Support should be able to identify your industry’s, along with your business’, specific security risks at any given point in time.
Why is this a problem?
Understanding and defining security risks for your business is the first big step in mitigating breach risks.
How to fix it?
Your IT Team should understand the ins and outs of your core business processes and how every single role in your organization interfaces with IT Security. One of the easy first steps to define your problems is to set up a third-party security assessment.
Problem 7: Does Your IT Support experience the swivel chair effect—IT Support team members are hard to retain in many organizations.
Why is this a problem?
For companies with internal IT Support, employees tend to get disillusioned by the monotony of their work. For many outsourced solutions, improper management or incentive plans leave technicians with a “grass is greener” mentality.
How to fix it?
Good IT Support teams recognize and encourage growth amongst their team members. Through ongoing team training, team member support and job satisfaction check-ups, IT Support management should encourage their team members to grow into bigger responsibilities and knowledge contributions within their organizations. Unfortunately, the majority of IT Support management fail to retain team members for more than 24 months, leading to a perpetual revolving door of support members.
Problem 8: Do you have an appropriate IT Security workflow—your organization likely has a unique set of requirements based on threats to your industry and security compliance policy.
Why is this a problem?
IT Support needs to understand how security issues should be escalated and what steps need to be taken when a security incident occurs.
How to fix it?
Make sure your IT Support has developed appropriate security workflows to match your business’ needs. Your support team needs to understand what steps need to be taken, and in what order, to adequately detect, analyze and respond to security issues. One common recommendation from security experts is to use a third-party security assessment to understand how to improve your current IT Security.
Are you certain your IT Security is keeping you safe?
Are you sure your business isn’t a sitting duck to become the next cybersecurity statistic? Contact us TODAY for a FREE security assessment!