Worst 5 IT Security Mistakes

Image of motherboard connections with a lock as part of the circuitryCybercrime costs $11 million USD per minute or $190,000 per second globally on average.

60% of small and mid-sized companies who suffer a data breach wind up folding within six months because they can’t afford the recovery cost. These costs include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, repair costs to software, and more.

While using up to date IT security safeguards like anti-malware, a firewall, and anti-virus, avoid these common cybersecurity mistakes that companies and employees make all the time.  Massive IT investment may not be necessary with basic cyber hygiene.

The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Is your company making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection?

So is your business allowing or requiring dangerous cybersecurity mistakes, leaving you at high risk for data breaches, cloud account takeovers, or infection from ransomware?

Here are several of the most common missteps when it comes to basic IT security best practices.

IT Didn’t Implement Multi-Factor Authentication (MFA)

According to IBM Security, credential theft has become the top cause of data breaches around the world. The majority of company processes and data are now cloud-based, so login credentials are key to multiple types of company network attacks.

Multi-factor authentication protects user login credentials by requiring a code that’s sent for each individual login attempt. If your company doesn’t require them, you’re at a much higher breach risk.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%. Why wouldn’t you use it?

Ignoring Team Members Using Shadow IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

  • Data may be used in a non-secure application
  • Data isn’t included in company backup strategies
  • If the employee leaves, the data could be lost
  • The app being used might not meet company compliance requirements

Employees often use apps they like because they’re filling a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.

Publish cloud use policies within the company that spell out for employees the applications that can and cannot be used for work.

Believing That Anti-Virus Is All You Need

Regardless of how small your business is, a simple antivirus application doesn’t keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails often contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days instead of file attachments to send users to malicious sites. Simple antivirus solutions don’t catch links.

You need to have a multi-layered strategy in place that includes things like:

  • Next-gen anti-malware (uses AI and machine learning)
  • Next-gen firewall
  • Email filtering
  • DNS filtering
  • Automated application and cloud security policies
  • Cloud access monitoring

Neglecting Device Management

Most companies around the world let employees work remotely from home since the pandemic, and plenty of them plan to keep it that way. Unfortunately, device management for those remote employee devices as well as smartphones used for business hasn’t become commonplace.

If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.

If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365.


Leaving Employees Without Training or Guidance

An astonishing 95% of cybersecurity breaches are caused by human error. Modern companies don’t often take the time to continually train their employees, and thus users never developed the skills needed for a culture of good cybersecurity.

Employee IT security awareness training should be constant, not just annually or during an onboarding process. Keep IT security front and center and your team will be better equipped to identify phishing attacks and follow proper data handling procedures.

Inject cybersecurity training into your company culture by:

  • Short training videos
  • IT security posters
  • Webinars
  • Team training sessions
  • Cybersecurity tips in company newsletters

Sign up for our monthly newsletter to get more valuable content delivered straight to your inbox!

To see if our Internet driven custom business phone systems are a good fit, contact us or call 866-550-0005 today!

Leave a Comment