When a company falls victim to a ransomware attack, it’s not only the money management has to pay the perpetrators to remove their criminal encryption that hurts. It’s the crippling downtime, the demotivated staff, the sales dislocation for days or maybe weeks, and the wider damage to morale. Adding insult to injury, authorities are usually helpless because the hackers live outside the country!
Cybersecurity, or rather, “cyber-insecurity”, has become a key cause of concern for businesses across industries. So, how do we as business owners, professionals, and individuals protect our identities and data from cyber-criminals?
“Throw enough money at the problem – that should do the trick.” Many business leaders believe this to be true. Until, of course, it’s far too late.
Indeed, contrary to popular opinion, it’s not money or extraordinary IT expertise that can solve our problems. Instead, what does the trick is an awareness of the critical pitfalls that leave us open to cyber attacks, followed by action to resolve them.
You can reduce the risk of cyberattacks by addressing the following leading causes of failure within your organization.
1. Hardware mismanagement
Management’s failure to be proactive regarding the computer systems is a cardinal error. It begins with the supply chain, knowing who’s selling you components, spares, and refurbished devices. It means that the sources need to have the proper credentials to demonstrate the expected security around the hardware they send your way. However, it’s a common pitfall to overlook these aspects only to find imported viruses contaminating your systems. So, adopt vigilance from the original manufacturer to all hardware warehousing and distributor stops.
The first thing hackers look for is old systems. Why? Because it’s easiest to pick the low-hanging fruit. The older, the better because the firewalls are fewer and, in many cases, a cinch to smash through. The stark reality is that you’re inviting bad actors into the fold when the supply chain is “iffy” and outdated devices prevail. Management’s most significant failure is assuming that yesterday’s technology can address today’s challenges.
2. Cultural disconnect
Business leaders come from all walks of life, so it follows that not all of them will have a solid background in IT. While this wasn’t always a critical concern, the tables have turned today, and IT is at the forefront of global business – especially as businesses not only look to appeal to audiences across the world, but also have employees from across the world!
Unfortunately, lacking this background can result in a critical disconnect of priorities, especially when strategic decisions need to be made. Cybersecurity, in such instances, isn’t always prioritized.
Decision-makers aren’t aware of their cyber vulnerabilities. Instead, it becomes a case of the bystander effect, wherein they assume someone else will take the lead on this. Except it doesn’t quite work like that. More likely, if there’s already fragility in the systems, more overload will make it worse, opening the doors to a host of viruses and breakdowns. Put it down to a cultural disconnect between the C-suite executives, the CIOs and their teams, and everyone else in between.
3. Misunderstanding the cloud
Cloud vendors talk a great cybersecurity game, but if an attacker compromises your customer’s data (or your own), it’s your problem. If fines kick in, you are liable. If the ransomware attack impacts your data, the servers won’t be coming to your aid.
So, even as you’re placing your data on the cloud, don’t assume you are protected from cloud data attacks.
However, now that we’ve covered all the concerns, the good news is that cloud vendors invest hundreds of millions of dollars to shore up the space from cyberattacks. For example, Google offers a Cloud Security Command Center to scan for cracks in the cloud fabric. Likewise, Amazon and Microsoft have constructed numerous software applications to erase vulnerabilities. However, organized crime in cyberspace is a massive business, and the perpetrators are technologically resourceful. So, despite the default protections provided by vendors, the final responsibility for security is yours.
The most common data breach causes on the cloud are (1) confusing access to storage resources and (2) failure to update security protocols and records as people move in and out of the business.
For example, terminating an employee (or accepting a resignation) should align with the return of all company devices and removing access to cloud files. Yet, a reliable study indicates that 25% of departing employees steal confidential data on exit. Of course, these lapses are easily resolvable – in theory. But if the described carelessness prevails in practice, the damage can be devastating.
4. Remote working
No article about modern cybersecurity is complete without talking about remote work. Remote working opens up a proverbial tsunami of digital traps and threats. Working in the office under centralized IT protections is one thing. Allowing thousands of employees to disperse overnight to home offices, taking company devices with them, is quite another.
There’s no comparison between the security standards maintained in your office and those at home. Here are the common remote-working security gaps that companies need to keep in mind:
- Employees tend to work from locations with little to no Wi-Fi security (think Starbucks). Add to this the loss of devices and file access with looser restrictions to accommodate the remote scenario, and you have entered the ideal playground for hackers!
- According to a research study, more than 50% of remote workers use personal devices to access cloud-based data.
- To top it all, over 66% of CIOs and IT teams have no visibility of home networks. As a result, the majority of cyber-attacks are hitting remote workers (i.e., around two-thirds of all those recorded in the last year).
No doubt, the pandemic forced the shift to a remote working environment on us. However, companies needed to simultaneously trigger rapid action on the cybersecurity front to help employees upgrade their home protections. Indeed, this would require massive revisions in IT policy and deploying specialists to elevate oversight standards – but it is the need of the hour and the next big business challenge!
Conclusion
When it comes to cybersecurity, these are the most common pitfalls businesses need to address. While some take time, others are overnight fixes that can save you plenty of headaches to come. However, not every business has the exact same security lapses and concerns. So reach out to your employees to better understand which practices you follow (or don’t) and ensure that the right challenges are addressed.
Sogolytics can help you better connect with your people, increase your response rate, and ensure candid feedback that helps you identify and address your organization’s specific concerns! Want to learn more? Let’s connect to discuss how we can help!