The 2022 Cybersecurity Almanac predicts the cost of cybercrime will reach a record high of $10.5 trillion by 2025, but there are still a handful of businesses that are not taking measures to protect themselves.
In cyber-attacks, your business loses more than data. You must factor in the cost of mitigation and remediation, which can often run up into tens of thousands of dollars. Additionally, businesses suffer 21 days of downtime on average, following an attack. The cost of that downtime will differ from business to business. Not to mention any damage this could cause to your reputation.
The best defence is taking a multi-layered approach to your company’s security, meaning several solutions are working alongside each other to close the gaps in your vulnerabilities and give your business an appropriate level of protection. This will reduce your risk of something slipping through the cracks but will also make recovery efforts easier should something happen.
It’s important to point out that there is no combination of tools that will keep your business 100% immune to cyber-attacks. At least not without locking your systems down to the point where doing business is nearly impossible.
The real key is finding the right balance between usability and protection, which will again, vary by industry and business.
Today we want to explain three of the most hazardous mistakes businesses frequently make.
1. Not properly managing employee access
Different roles in your organization will have different needs when it comes to application or documents. Treat it like so. Giving everyone an “all-access pass” increases the odds that a criminal will find an open door to your entire network.
Remember to update privileges whenever someone changes positions or leaves the company.
2. Allowing lateral movement
If a bad actor gains access to a device used by someone on your admin team, it might not be the end of the world. But what happens if they find a way to move from your admin system to your billing system… Then to your CRM... Then into someone’s email account.
This is called lateral movement. The bad actor crawls their way from one system to more critical systems.
If they can access the email of someone with admin rights to other systems or accounts, they can start wreaking havoc and locking other people out by resetting passwords.
Sometimes, the most effective strategy against this is “air gapping”, meaning there is no direct access from one area of your network to another.
3. Neglecting to plan and protect
Companies who work closely with their IT team to set strategies into place have lower odds of being attacked.
Having an updated plan in place that outlines what to do in these situations is a must.
This will give you back valuable time in your recovery efforts and limit the amount of data you lose.
If any or all of these three things are going unaddressed at your organization, we can help. Call us at 806-322-2150.