This Employee Spotlight article features Mitch - CW's Manager of Client Support. Learn about Mitch and hear his story!
Top 3 Cyber Security Mistakes
This CW Blog article features the top 3 cyber security mistakes people often make that hurt their work environment.
When it comes to cyber security, we all talk about best practices and the right actions to take, ensuring you and your business are protected. What we don’t talk about are the mistakes. More specifically, the actions people take assuming they’re best, but in reality…they’re far from it.
So, let’s discuss the top 3 cyber security mistakes you should avoid making.
- Not Being Proactive
To think your business is too small or too isolated to be affected by a cyber-attack can be a devastating miscalculation... From data breaches to ransomware attacks, 70% of SMBs who experience a cyber attack go out of business within a year. Being proactive when it comes to cybersecurity and your business is like going to the dentist for your annual check-up. Avoiding a check-up only leads to poor teeth, toothaches, and even various diseases. Similarly with cyber security, not being proactive can and will lead to serious problems down the road. So, what does it mean to be proactive with security? Having multiple layers of security is a great start, as well as having a written disaster recovery plan – providing you with a clear path to follow in case of a disaster (malware, theft, fire, flood, etc.). Furthermore, having documentation from your vendors of hosted applications, detailing their security and recovery plan, is just as important. In the case they are challenged, you are able to confirm that your expectations for recovery line up with theirs. Finally, make sure you are having regular conversations and training with your employees, ensuring they understand the challenges and the part they play in protecting the work environment…and their livelihood.
- Relying Only on Anti-Virus Software
Many organizations believe that anti-virus software installed on workstations and servers is enough to protect them. The problem with anti-virus software is even though it does provide a level of protection, it is fully reactive to the threat that has already entered your environment. Anti-virus is only part of a security stack that companies should explore to make sure they are addressing the increasing security needs of today. So, what else is needed?
- Firewall: All organizations of all sizes should have a dedicated, hardware-based firewall established in their environment. The purpose? To fully monitor traffic coming in and going out of your network. These devices have significant configuration options to allow certain sites or types of sites (i.e. gambling) to be blocked. In addition, you can dictate from what countries you will allow to access your environment; you can block countries that are known hacker hot points. There are numerous other features you can manage to increase safety.
- Third Party Solutions: There are a large volume of third-party solutions to explore, such as OpenDNS, KnowBe4, CrowdStrike, Dark Web Monitoring, Password Managers, and Two Factor Authentication. These tools are useful to be aware of since the dollar investment may vary small to provide a high level of security.
- Employee Training: Didn't we mention this in the last section? YES! When it comes to protecting your environment, this is probably the most neglected and forgotten tool. The technology you use (anti-virus, firewall, third part solutions, etc.) covers only 50% of your total protection - the other 50% is your people and the actions they take! That said, both are of equal importance. Your employees need to know what the threats are, how to recognize them, and what to do if they suspect a risky email or possibly click on something they shouldn’t have. It is crucial that you have a clear policy supporting such training, with clear guidelines on possible disciplinary action if employees refuse to take the training or threats seriously.
- Believing It Won’t Happen to You
Recent studies have shown that 54% of SMBs feel they are too small to be attacked when a whopping 43% of all cyber attacks are directed at SMBs. Why? SMBs fail to adequately protect themselves and to take threats seriously. Hackers don’t rely on the “big score” to survive - they simply rely on access to compromise and environment. The work that it takes to score a $100,000 ransom is greatly reduced by scoring 10 $10,000 or 20 $5,000 ransom payments. Except for a few instances, these threats are not focused: they simply cast a very large net and see what they catch. It is exceedingly important that you understand how your environment is structured to repel such attacks and how to plan for remediation should your efforts at protection fail.
CW Technology makes technology easy. If you’d like to learn more about cyber security, or you simply need help in determining what are the optimal protection services for you, CW Technology is here to help!
Connect with us for a Free Security Assessment or reach us at (855) 728 - 7130!