[BreachExchange] How to Tackle the 7 Most Common Cybersecurity Mistakes of Your Company

Destry Winant destry at riskbasedsecurity.com
Mon Dec 3 10:36:47 EST 2018


https://opensourceforu.com/2018/12/how-to-tackle-the-7-most-common-cybersecurity-mistakes-of-your-company/

Lax cybersecurity can be a devastating blow for any business. While a
system breach might not spell the end of the company, it damages
reputation and customer confidence, and brings with it a host of
compliance issues. Here is a comprehensive list of the most common
cybersecurity mistakes, and how you can avoid them.

Thinking that you’re exempt

Don’t assume that just because your company isn’t a huge, well-known
business, you aren’t vulnerable to attack. Every business, no
matter how small, is open to attack – it’s not just those that handle
personal data that can fall victim to a breach of their cybersecurity.
Cyber criminals carry out their illegal doings in all corners of the
online world, attempting to infiltrate networks, and take valuable
assets, whether that is personal information, money, or other
sensitive data. To avoid this, make sure you take the possibility of
attack seriously, and minimise risk by bringing in qualified experts
to conduct audits, identify weaknesses, and provide solutions.

Lacking knowledge of where your data lives

Chances are, data is the foundation on which your company is built,
and what sustains it. It is exchanged within the company itself, as
well as with external sources, too. “The moving of data means that it
is paramount that a detailed, in-depth knowledge is required, as to
where the data is travelling to, where it lives, and who has access to
it. Failure to do this means you fail to know what you need to
protect, which is open season for attackers!” explains Jayne Ward,
a Data Manager at Academized and Stateofwriting.

Focusing on border security

Cyber hacking has progressed a lot in recent years: so much so, that
concentrating solely on border defences will mean that adversaries
will almost inevitably be able to hack your system, and, once they
have made it in, they will be able to acquire privileges to make them
appear as trusted users, and evade detection for a long time.
Cybersecurity should adopt a far more holistic approach – make sure
that all defences are strong, and your chances of them being breached
diminish considerably.

Neglecting to update

It is impossible to guarantee that your cybersecurity will always
prevent attacks, as networks are so expansive that there are too many
opportunities for a potential breach. However, if you avoid updating
your network and fail to understand its structure, the ease with
which an attacker can enter your system increases dramatically.

Only relying on anti-virus technology

Not all cybersecurity attacks come in the form of malware or viruses,
and so using anti-virus technology alone will not protect you from
attacks. The world of cyber hacking is constantly evolving, and new
tools to penetrate systems are always being developed, with attackers
increasingly using malware-free tactics. Bearing this in mind, while
it is important to keep anti-virus software up-to-date, it is equally
vital to be able to identify threats in their other forms.

Taking on the task alone

Protecting an entire company network from cyber-attacks is a mammoth
task, and the skill set it requires is no mean feat to master. There
is a huge, worldwide shortage of effective cybersecurity skills, so,
chances are, you will need help. “Attempting to do the most with the
human resources you have – especially if they lack sufficient
skills – will only increase the likelihood of your security being
breached. Bring in the experts to help you, or liaise with another
company to share resources,” says Lillian Ramirez, a Security
Manager at Paper Fellows and Bigassignments.

Considering cybersecurity to be solely an IT problem

It is not just the IT department’s problem to keep the network
protected. As mentioned above, a holistic approach is required to
ensure the entire network is consistently protected. Make sure
everyone in the company is educated on how to protect information,
guard company secrets, map data flows, and what they should avoid
doing. Have clear policies and processes in place, and regular
meetings with the board, so that everyone is fully aware of how to
respond to any potential threats, and how they should operate on a
day-to-day basis.

Cybersecurity is not something that should be taken lightly. By ensuring
that the proper parameters and security measures are in place, and
that everyone in the company has proper training on how to minimise
risk, you can massively reduce the likelihood of having your network
breached.

