Given the number of major data breaches that have occurred in the past decade, you would think that more companies would understand the importance of cybersecurity. Unfortunately, this has not been the case. Many executives believe that cybersecurity is separate from the day-to-day operations of their companies. They continue to believe that they are safe, or that no one cares about their data, or that they are just a small company.
That's not true. Absolutely not. Hackers don't care what management thinks about the data. The only thing they care about is the value of the information itself. If it's valuable, hackers will try to exploit it. No one is safe.
Yet companies continue to make big mistakes in their cybersecurity efforts, including not hiring enough people to combat threats and using outdated systems.
Failure to implement security monitoring
Antivirus and firewall technology is essential, but it's not enough to protect your business. Unfortunately, many business owners believe that having the right software in place is enough to keep their network safe and secure.
Not really. Antivirus and firewall software stop about 20% of intrusions. The rest relies on professionals monitoring your systems and preventing data leaks.
Getting someone to monitor your network is actually easier than you think. You don't need to spend money on hiring an in-house IT professional. There are now many outsourcing services that will monitor your computer systems along with many other clients and notify you if anything unusual appears.
Failure to update from Windows 7
In January, Microsoft stopped providing service packs for Windows 7 so that its engineers could focus on supporting Windows 10. This means that the company will no longer provide patches or fixes for security vulnerabilities that become public in the coming months and years.
According to the cybersecurity expert, this is a big problem for businesses that are still using Windows 7. Companies that don't update their operating system are at huge risk of being hacked, with no support to fall back on.
So, if you haven't done so already, update to the latest software. Migrating from Windows 7 to Windows 10 may be a pain, but it's necessary. If you don't know how to do this, hire a third-party agency to do it for you. Frankly, you don't have much of a choice.
Failure to conduct network security testing
Network security testing is becoming an essential part of protecting business operations from potential threats. The reason is that more and more devices rely on the network. We live in a completely different world than 10 years ago, when most companies ran offices with wired desktop computers. Every employee had their own device, and the overall management was much easier.
Today, that is no longer the case: employees bring their devices into the workplace and there are now many IoT-based nodes in the system.
These additions bring new network security vulnerabilities to the surface. Businesses need to be aware that every new device they add to their system can introduce potential weaknesses, so regular network testing is essential.
Again, if you don't know how to do it, there's no need to rely on in-house experts — there are thousands of agencies that offer this type of service and do it regularly for a fee.
Focusing on the perimeter, not the core
IT security experts like to divide network security into two sections: perimeter and core.
The perimeter encompasses all touchpoints between your network and the broader internet, while the core consists of people, systems, software, and security strategy.
Many small and medium-sized businesses focus too much on the perimeter, building large walls against the outside world without addressing the security vulnerabilities on the inside.
For example, most companies experience a breach not because a hacker gets in and breaks into their software, but because a colleague makes a mistake. It's not uncommon for an employee to receive what appears to be a legitimate email and, after replying to it, realize they've handed over sensitive information.
Yet companies fail to recognize this particular vulnerability because executives believe hacking is always a technical act, forgetting that hacking can also involve subterfuge.
Believing that breaches won't happen to you
Corporate executives come up with a variety of excuses as to why breaches won't happen at their companies, including:
- My company is too small to worry about hackers
- There is no valuable data
- All my colleagues are highly trained professionals who would never make basic security mistakes.
In most cases, these claims are false. No company is too small to attract the attention of hackers. Nearly every business has valuable data that criminals can sell. And no team in the world is completely safe. At some point, someone in your organization will make a mistake, and you'll have to make up for it.
Believing they can manage cybersecurity themselves
The main reason companies take such a lax approach to cybersecurity is a lack of understanding.
Luckily, it doesn't have to be that way. Today, there are hundreds of agencies that offer all kinds of third-party services designed to help you run your network. Some companies just want an extra pair of eyes watching over their systems. Others need to jump in and hire an agency to manage their entire IT network. Which one you choose will largely depend on the type of business you run.
Summary
So far, the evidence we have doesn't look good. Most companies aren't doing enough to protect their networks from cybersecurity attacks. Because of this, data breaches will continue to happen and companies will have to pay huge fines and compensation to their customers. Eventually, we should get to a happier place, but it doesn't seem likely anytime soon.