The landscape of cyber security is constantly shifting and changing, leaving many businesses feeling a bit off-balance. Lately, we don’t seem to go a week without hearing about a cyber attack or data breach of businesses around the globe.
People
We are often asked what the biggest cyber threat is for businesses, both large and small. By far, the weak link when it comes to cyber security is human error: employees clicking on unsecured sites, downloading documents that turn out to be malware, opening an email that is a phishing scam, and the list can go on and on.
While getting rid of your employees is not an option, educating them is always an option, and can be a step in the right direction. Some of the most secure companies offer regular training on the latest threats. This means helping your employees overcome the mindset of “I always did it this way.” Showing and practicing safe cyber practices should be an ongoing effort by business leadership.
Updates and Patches
It may seem like a simple step, but it is one that is often overlooked: updating software and downloading patches for vulnerabilities. For example, businesses should have a protocol in place that evaluates vulnerabilities and installs patches whenever they are offered. The WannaCry and Petya outbreaks of the past showed us the importance of staying on top of software updates and patches.
The primary way both those attacks spread was by exploiting a critical vulnerability in the Windows operating system known as Eternal Blue. The WannaCry outbreak occurred in May. The patch for the Eternal Blue vulnerability had been released by Microsoft in March. If the patch had been widely applied, the impact of WannaCry, which mostly hit corporate networks, would have been greatly reduced.
BYOD
BYODSo many businesses now thrive because employees are able to use their own devices. The flexibility and convenience of using one’s own device, especially when traveling, is widely believed to be an asset for most companies. Unfortunately, allowing employees to BYOD or bring their own device can present its own security problems.
Personal devices such as laptops, tablets, and smartphones most likely do not have the same level of security as corporate devices, and may be significantly easier for hackers to compromise. In fact, there should be a strict company policy that if employees are using their own devices to conduct business, especially where they access client data, they should be required to use a VPN (virtual private network) and use two-factor authentication. These practices can help protect your company information regardless of what device is being used.
What are your company’s biggest cyber threats? Do you have questions about how to protect your business from the internal and external threats that exist? Call or visit M&H Consulting at 1-866-964-8324 or visit our website.
Categorised in: antimalware, antispyware, antivirus, Business Management, Computer Support, IT Consulting Services, Security, software