Some of the most devastating data breaches aren’t caused by sophisticated brute force attacks, they’re due to users making common cybersecurity mistakes.
Is your business making any of these?
Not Using Multi-Factor Authentication
Credential theft has risen to the main cause of data breaches as most business data is now being stored in cloud accounts.
One of the best ways to prevent cloud account breaches is to use multi-factor authentication (MFA), which stops 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.
Yet, many service businesses and small companies don’t put this vital safeguard in place. They’re afraid of hurting productivity or getting pushback from users.
This is a big mistake due to the rise in credential theft and the effectiveness of MFA at stopping it. If users are afraid of being inconvenienced, you can couple MFA with a single sign-on (SSO) solution that will reduce the number of apps they need to sign in to each day.
Failing to Have a Cloud Use Policy
When employees don’t have any cloud use policy to guide them, they often will begin using cloud apps on their own. They won’t realize that this can leave a company at risk because the app hasn’t been approved.
Business owners also often fail to curtail the use of unauthorized cloud applications, which can impact their data security and potentially cause a compliance violation. If an application hasn’t been officially vetted and approved, it might not stand up to data security protection requirements that a financial or other type of business must follow.
Not Testing Data Backup Data Recovery
When companies pay the ransom to attackers to regain access to their systems, it emboldens criminals to keep hitting more companies with ransomware. This has unfortunately been the case over the last several years, which has caused a steep rise in ransomware attacks.
57% of companies hit with ransomware pay the attacker’s ransom request.
One of the reasons that companies pay the ransom is that they have a backup of their data, but they never tested the data recovery. They are unsure how long it will take, and thus opt to pay the attacker because they feel that’s the fastest option to restore operations.
It’s vital to regularly test your data restoration capabilities, so you can ensure you have a good backup and recovery system that’s effective. It will also provide you with critical information on exactly how long your recovery will take.
Having Too Many Privileged Accounts
Privileged accounts are those that have administrative privileges in a system. This may be the ability to add and remove users or the ability to edit advanced settings in a cloud platform.
One big mistake many small businesses make is to give these credentials out “like candy.” They want to avoid someone not being able to get to something in case they may need it, so give users higher credentials than they actually need.
The more privileged credentials you have, the higher your risk of a devastating cloud account breach. It’s important to only give users the lowest level of access to a system or cloud platform that they need to conduct their daily work.
Not Managing All Their Endpoints
Mobile devices make up a majority of company endpoints these days. Yet many companies aren’t paying attention to the devices connecting to their business apps and data.
They ask employees to use their personal phones for business apps and getting their email but are in the dark about which devices are connecting to their data and when.
It’s more important now than it ever has been for a company to monitor and manage endpoints. There are applications out there, like Intune (included in Microsoft 365 Business Premium) that can manage the business side of an employee device, without intruding on the personal side.
Endpoint device management enables visibility into the security of the devices connecting to company assets and allows automated updates and other safeguards to be deployed easily to all devices at once.
Not Using Managed Updates on All Devices
A basic best practice that isn’t always done by small businesses is to have their devices on automated managed updates. This ensures that any security patches issued by OS or software developers are applied in a timely manner to reduce the risk of a breach.
Software vulnerabilities are being found and exploited by hackers all the time, and software providers respond by sending out patches to systems to stop those attacks.
But it’s up to the end-user or company to ensure those patches and updates are installed, otherwise, they won’t help. Automating the process through managed services is the easiest and most secure way to ensure those updates are being applied.
Improve Your Security With a Managed IT Services Plan
Skyline IT Management can customize a managed services plan for your Oklahoma business to provide you with all-in-one security at an affordable rate.
Book a Call today to schedule a technology consultation.