Last year, cyberattacks were up 33 percent over the previous year. That’s a whopping 5,183 data breaches for a total of 7.9 billion exposed records, according to Risk Based Security research. Medical services, retailers and public entities were most affected. The biggest cyber security stories of the year included big names like Marriott, Equifax, Facebook and Instagram, and Capital One to name a few.
When these huge companies are proven vulnerable, all businesses start to wonder just how secure their networks and data are. For some companies, a renewed focus on network security might mean changing passwords and updating antivirus software. For others, it necessitates a call to their IT consulting firm for an IT security update.
The growing number of cyber security breaches and the increasing cost of these attacks are frustrating, especially since the majority of them could have been prevented. There are common (and costly) IT security mistakes businesses make that can easily result in a breach. Only when you know them, can you avoid making them.
Working Under a False Sense of Security
Many business owners go about their days thinking they are immune to attacks because no one could possibly be interested in stealing their data. Any personal data from any number of people has monetary value, and that value increases the more personal the data is. Consider the type of data you might store for your employees and customers, as well as your business—name, address, phone number, credit card and Social Security numbers, logins for company bank accounts and credit cards—and implement cyber security measures to protect it.
Not Having or Following a Company-Wide Cyber Security Policy
If your business employs a small staff, you might think a cyber security policy is overkill. But just one lost smartphone or stolen laptop can lead to a major security breach, so you need a company security policy that covers what employees can and cannot do on devices and networks used for business.
Not Making Cyber Security Part of Ongoing Training
Hackers change their methods of attack all the time. Your employees have their own jobs to do, and keeping up with the latest cyber threats probably isn’t part of their job descriptions. It is your IT consulting firm’s job though. Rely on these experts to help educate your employees to prevent the avoidable errors that put your business at risk.
Not Following Best Practices for Logins
Usernames and passwords restrict access to your network, but many businesses fail to properly manage login credentials, thereby putting their data at risk. Develop and enforce a password policy that requires credentials to meet certain minimum standards and be changed regularly. Also, consider employing a two-factor authentication system to restrict access further. Inexpensive token or one-time access code systems add an extra layer of security to your network.
Relying on DIY or Consumer Grade Cyber Security Products
If your business collects and stores sensitive data, consumer-level security solutions are not going to be adequate. If you do not have the technical expertise necessary to completely secure your network, hire an IT Support Kansas City professional to help you build a security protocol that provides an enterprise-level of protection, and conduct regular audits to ensure that everything is up to date and working as it should.
Assuming the Cloud is Secure
Cloud computing has made it easier for businesses to grow and for employees to be productive anywhere. The problem is that some cloud services are not secure enough to protect business data. For example, employees may be sending and storing data on free services, such as Google, which do not offer the level of encryption and security necessary to ensure compliance with federal regulations in the health care and financial services industries.
Not Keeping Security Software Updated
Hackers find vulnerabilities in operating systems, software and plug-ins that they can exploit, and developers work hard to patch the holes as they appear. Ignoring security and software updates puts your data at risk. Your security policy should require regular checks for updates and installation as soon as they are released.
Not Responsibly Disposing of IT Assets
At some point, you’ll have to retire hardware. Not properly disposing of everything could create a data breach. Have a plan in place for securing data before disposal, remembering that deleting files doesn’t make them disappear from hard drives. If you’re liquidating outdated IT assets, wipe the hard drives or physically destroy them, or work with a reputable company to help you.
Get Professional Help
Avoiding a security breach isn’t only about installing high-tech, sensitive intrusion detection and prevention or antivirus software. In many cases, a costly breach can be stopped with a few simple, common sense adjustments to how you work and manage your network. If you still aren’t sure about the safety and security of your IT systems, contact us today for a free evaluation.