How To Prevent Key Cyber Security Mistakes
Cyber security is a huge industry — it’s already worth more than $122 billion annually, and is projected to surpass $200 billion by 2021. Put simply? Companies worried about data breaches and zero-day cyber threats are now willing to spend on InfoSec. The problem? Big spending and solid security don’t always go hand in hand. Here’s a look at five critical cyber security mistakes companies are making — and how to prevent them.
The No Target Problem
Is your business a target for hackers? Enterprises and large government organizations know they’re in the line of fire, but small and midsize companies often assume that since there are bigger fish in the sea, malicious actors won’t bother tossing malware hooks into smaller pools. That’s simply not true. The solution? Double down on information technology security, implement strong antivirus and endpoint controls, and consider a third-party assessment to help identify and plug any security holes.
The Shadow IT Sidestep
Your company has two IT departments: one official and one “shadow.” Shadow IT is everywhere — from employees using an app that isn’t vetted by IT, to accessing unapproved cloud services on the company network. Solving the problem means starting a conversation rather than issuing a command: By permitting some apps after they’ve been verified safe, you can bring shadow IT out of the dark rather than forcing users to head underground.
The “It’s IT” Issue
Cyber security is an “IT issue,” right? It’s easy to think this way since IT historically has been considered a cost center rather than a line-of-business partner. But with the evolving nature of cyber threats, combined with the prevalence of technology use across all business departments — from sales and marketing to HR and management — many companies make the mistake of assuming that poor IT security will impact only IT functionality. In fact, a security breach could bring your company to a screeching halt for days or weeks, especially if data is destroyed or physical assets are compromised. Best bet? Make IT part of the boardroom discussion.
The Avoided Update Risk
Another common cyber security mistake is avoiding necessary updates. It happens often; companies are worried about problems with legacy programs or bugs in new security updates, and so they put off a necessary patch. Don’t. These updates are often a response to emerging zero-day threats or disclosed vulnerabilities, meaning hackers are hunting for businesses that are still at risk.
The Employee Training Gap
Last but not least: Most companies minimize the role of non-IT cyber security training. Yet it is “insiders” who carry out 60 percent of all cyber attacks. While some stem from malicious action, many are inadvertent or accidental — but they still put your business at risk. Bridging the gap means spending on both up-front and continuing education in addition to robust monitoring tools. Teach employees what to avoid, and make sure you’ve got a bird’s-eye view of your network.
It’s easy to make cyber security mistakes. Lower your risk by understanding the most common ones and taking steps to limit their impact.