Guest post by Michael Jenkins, CTO, ThreatLocker.
Cyber attacks are on the rise and are forecast to cost the UK £27bn in 2023 alone.
In an increasingly digital working world, no business is safe from these threats, and it is often simple, avoidable errors that leave businesses vulnerable.
Cyber attacks are damaging to businesses, both financially and reputationally, and arrive in all shapes and sizes through a variety of methods.
Prevention is always better than cure. So, erring on the side of caution when it comes to security, what is the best course of action to keep your business safeguarded?
Unfortunately, it’s very easy to slip up. And attackers never need a second invitation to breach a system.
Here are some of the most common cybersecurity mistakes companies make – and how to avoid them.
Physical Mistakes
It’s common for businesses to think of cyber attacks as being based in the digital world – leaving them vulnerable to physical breaches they didn’t even consider.
Most employees carry laptops from location to location, which can often leave them exposed to physical attacks from hackers. Breaches can happen in a variety of ways, from hackers infiltrating offices and changing access passwords to downloading sensitive data onto USBs at desks when workers are away.
Many professionals are continuously logged into sensitive and private data which will be fully accessible to hackers who access an unlocked computer when staff are away.
A breach may start with a thief pretending to be a contractor or delivery man to gain physical access. This form of social engineering is highly effective, and once a criminal has physical access to a facility, gaining computer access is as simple as finding an unattended workstation.
There have been numerous instances of people pretending to be database admins to gain access to physical databases, and from that point on they have access to a business’s servers. After that, it’s easy to perform data exfiltration, which could later result in a ransomware attack.
Once they leave the premises, they already have active connections to your system. That’s one of the ways hackers go from social engineering to technical hacking.
Virtual Mistakes
Cybersecurity is a critical concern for businesses, and as companies move more towards a hybrid or remote environment, the concept of having a local network has diminished, making employees more vulnerable and leaving the door open for cybercriminals.
The risk of cyber threats has become more prevalent, with 31% of businesses falling victim every week, from small businesses to large corporations with robust cybersecurity strategies.
Companies can become vulnerable in many ways. One of the most common is ignoring the request to update devices. While this is often time-consuming, failure to install fresh software exposes personal and company data to threats as these unpatched vulnerabilities can be exploited. A perfect case in point is the WannaCry attacks – which ended up costing the NHS a staggering £92 million.
Staff can run into risks from connecting to unsecured public networks during remote working, such as those found in coffee shops or airports, unintentionally exposing sensitive data and leaving the door open for unauthorised parties to gain access. Businesses need to advise employees on the risks associated with connecting to unsecured networks and the implications this can have.
Weak passwords are also an easy gateway for attackers, as is the misuse of workstations for non-business purposes – such as downloading games or personal software. To mitigate these risks, implementing application control is imperative: it safeguards businesses by allowing only the applications they need and blocking everything else.
Humans constitute the first line of defence against cyber attacks, and regular, up-to-date cybersecurity training offers an effective way for businesses to minimise risk. Equipping employees with the knowledge and skills to identify scams and phishing emails helps prevent unauthorised entry into systems, saving businesses time and money and preserving their reputation.
The Solutions
Small changes can make a huge difference in mitigating risks and reducing the likelihood of a cyber attack.
Businesses need to keep their systems up-to-date to keep cybercriminals at bay. Training employees is also recommended to ensure they are aware of threats such as phishing, what breaches look like, and the implications attacks can have on a business.
Beefing up your security stack with a Zero Trust solution is worth considering, as it enforces policies for both internal and external users, treating every user, file or application as a possible threat.
Putting in place a Zero Trust solution and taking other practical steps to reduce risk is now essential for all businesses, as the amount of data held online is at an all-time high and cyber attacks are a day-to-day reality.
