Did you know that 90% of cyber attacks start with the human user rather than a failure of technical controls? Engaging your staff to deliver security awareness can be hard. With 94% of malware being delivered by email, we wanted to share the top 10 red flags to look out for.
Top 10 Cybersecurity Red Flags in Business
1. Shared User Accounts
Employees using concurrent logins is not uncommon. Often employees share a username and password to allow several employees to log into a single workstation or application. While this is convenient, it’s also insecure, as it results in a lack of accountability for access to confidential data.
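The lack of accountability described above is also something you can detect. The following is an added example (not code from the original article) of a small Python check over constructed logon records: it flags any account that is used from two or more distinct workstations within a short window, which is the usual signature of a shared login. The log format, host names and the 60-minute window are assumptions for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records (not from any real system).
# Format assumed: "<ISO timestamp> LOGON user=<name> host=<workstation> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T08:55:10 LOGON user=reception host=WS-01 src=10.0.1.21
2024-05-01T09:02:44 LOGON user=reception host=WS-07 src=10.0.1.27
2024-05-01T09:05:03 LOGON user=jsmith host=WS-03 src=10.0.1.23
2024-05-01T09:20:19 LOGON user=reception host=WS-12 src=10.0.1.32
2024-05-01T13:40:00 LOGON user=jsmith host=WS-09 src=10.0.1.29
"""


def parse_line(line):
    """Split one record into (timestamp, event name, {key: value})."""
    ts, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), event, kv


def find_shared_accounts(log_text, window=timedelta(minutes=60), min_hosts=2):
    """Return {user: sorted hosts} for every account seen on at least
    `min_hosts` distinct workstations inside any `window`-long period.
    A single person moving desks hours apart is not flagged; several
    people using one login at the same time is."""
    logons = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, kv = parse_line(line)
        if event != "LOGON":
            continue
        logons[kv["user"]].append((ts, kv["host"]))

    flagged = {}
    for user, events in logons.items():
        events.sort()
        best = set()
        # Slide a window starting at each logon and collect the distinct hosts inside it.
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            flagged[user] = sorted(best)
    return flagged


if __name__ == "__main__":
    for user, hosts in find_shared_accounts(SAMPLE_LOG).items():
        print(f"possible shared account: {user} used on {', '.join(hosts)}")
```

On the constructed data only the "reception" account is reported; "jsmith" logs on from two machines but more than four hours apart, so it is treated as one person changing desks. In practice the same logic runs over Windows security event 4624 records or a directory's authentication log.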
2. Weak Passwords
We’ve all seen the “qwerty” password jokes, but it’s so true! We recommend using strong passwords that are long and contain a mix of special characters, upper-case letters, lower-case letters, and numbers. Using a secure password manager is a great option if your team finds it hard to remember complex passwords. There are many tools available to let you test how strong your current password is too.
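As an added example (not code from the original article) of what a password-strength test actually checks, here is a Python policy checker that applies the advice above: minimum length, a mix of character classes, no common passwords and no keyboard patterns, plus a rough entropy estimate. The 12-character minimum and the tiny common-password list are assumptions; a real deployment would compare against a full breached-password list.

```python
import math
import re
import string

MIN_LENGTH = 12  # assumed policy value

# Constructed, deliberately short list; a real check uses a full breach corpus.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "letmein", "welcome1", "qwerty123"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "12345", "abcdef")


def character_classes(pw):
    """Count which of lower, upper, digit and punctuation classes are present."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def estimated_entropy_bits(pw):
    """Optimistic guess entropy: length * log2(size of the classes used).
    Real attackers use dictionaries, so this is an upper bound, not a guarantee."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw):
    """Return the list of policy failures; an empty list means the password passes."""
    issues = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < 3:
        issues.append("uses fewer than 3 character classes")
    # Strip trailing digits so "qwerty123" still matches the base word.
    if lowered in COMMON_PASSWORDS or re.sub(r"\d+$", "", lowered) in COMMON_PASSWORDS:
        issues.append("appears in the common-password list")
    if re.search(r"(.)\1{2,}", pw):
        issues.append("contains a character repeated 3 or more times")
    if any(p in lowered for p in KEYBOARD_PATTERNS):
        issues.append("contains a keyboard or sequential pattern")
    return issues


if __name__ == "__main__":
    for candidate in ("qwerty", "Qwerty123!", "Tr0ub4dor&3xample!"):
        print(candidate, check_password(candidate) or "OK",
              f"~{estimated_entropy_bits(candidate):.0f} bits")
```

The entropy figure is only a sanity check; the list-based tests matter more, because a long password built from a common word and a year is guessed long before its nominal bit count suggests.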
3. Unmanaged Backups
It’s already been highlighted in the UK media that hackers are exploiting COVID-19. With ransomware on the rise, strong backup strategies are more important than ever. It’s not enough to have only one kind of backup that you rarely pay attention to. It’s essential to mix remote with onsite backups, and it’s imperative that a trained professional monitors backup alerts.
4. Open Firewalls
Simply having a firewall on your network is not enough to prevent intrusions. We often find firewalls that have not been configured properly and are open to attack. It’s essential to have a trusted professional install, configure, and consistently monitor your network devices. Remember to change the manufacturer’s default password!
5. Sensitive Information Sent Over Email
With the introduction of the GDPR, how businesses store and process personal and sensitive information is more important than ever. Microsoft 365 office applications are now available with advanced security and encryption solutions. The best secure encryption solutions apply filters to automatically encrypt messages containing confidential information without the sender having to do anything.
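To show what such an automatic filter is doing under the hood, here is an added Python example (not code from the original article, and not Microsoft's implementation) that classifies an outbound message and returns the reasons it should be encrypted: a small keyword list and a Luhn-validated scan for payment card numbers. The keywords, the sample messages and the card number (a standard test value) are constructed for the illustration; a real rule set would add further identifiers such as national insurance numbers.

```python
import re

# Assumed keyword list; real rules are tuned per organisation.
CONFIDENTIAL_KEYWORDS = ("confidential", "payroll", "medical record")

# 13 to 19 digits with optional space or hyphen separators, e.g. "4111 1111 1111 1111".
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Luhn checksum, which every real payment card number satisfies.
    Filters out phone numbers and order IDs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the digit strings in `text` that are plausible card numbers."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def classify_message(subject, body):
    """Return the list of reasons the message must be encrypted; empty means it may go in the clear."""
    reasons = []
    text = f"{subject}\n{body}".lower()
    for kw in CONFIDENTIAL_KEYWORDS:
        if kw in text:
            reasons.append(f"keyword: {kw}")
    cards = find_card_numbers(body)
    if cards:
        reasons.append(f"{len(cards)} Luhn-valid card number(s)")
    return reasons


if __name__ == "__main__":
    # Constructed sample messages (not real correspondence).
    samples = [
        ("Confidential: card details", "Card 4111 1111 1111 1111 exp 12/26"),
        ("Order 1234567890123 update", "Your order 1234567890123 has shipped."),
    ]
    for subject, body in samples:
        verdict = classify_message(subject, body)
        print(f"{subject!r}: {'ENCRYPT ' + '; '.join(verdict) if verdict else 'send in clear'}")
```

The second sample contains a 13-digit order number that matches the digit pattern but fails the Luhn check, so the message is not held up; that checksum step is what keeps a filter like this from flagging every invoice and phone number.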
6. No Business-Grade Antivirus
Antivirus is an essential first line of defense against the ever-present threat of malware. Most businesses will have some kind of antivirus; however, we often find consumer-grade software instead of appropriate business-grade solutions. Business solutions offer much more advanced tools for managing the product and for detecting and removing malware.
7. Unpatched or Unsupported Operating Systems
The operating systems on servers and workstations need to be patched (or updated) continuously to prevent criminals from exploiting vulnerabilities. It’s common for us to find unpatched OSes in business environments, and we sometimes see unsupported OSes, like Windows 7 or Server 2008, for which vendors no longer even release security updates. Keeping all OSes up to date and patched regularly is critical to preventing breaches.
8. Unmanaged File Syncing Solutions
Often, company employees use consumer-grade or free versions of popular file-syncing solutions like Dropbox to collaborate and store files across their devices. While these products certainly enhance productivity and collaboration, all company files should remain under company control. Employees should never use personal accounts for work, and companies should implement business-ready solutions, like Microsoft SharePoint, Teams, or Egnyte.
9. A Lack of Clear Security Policies
Every team member should be aware of your IT security policy. Even with a relatively secure network, a lack of policies governing the ways team members create, access, and share data can lead to serious vulnerabilities. Policies need to be in place for everything from user permissions to what safeguards need to be in place on employee mobile devices.
10. Untrained Employees
The weakest link. Employee awareness, now more than ever, is critical to cybersecurity. All users need training on how to spot fraudulent emails, how to implement safeguards on all their devices, and when to contact a technology professional for help. Otherwise, a company can invest in sophisticated technical safeguards and still be at high risk for a breach.