Identifying cybersecurity issues in your business
Threats to your business come in many forms. For most organizations, the biggest threats to their survival are related to cybersecurity. An Allianz survey found this to be true, as "cyber incidents" ranked as the biggest risk to organizations, overtaking "business interruption". Whether those threats are external or internal, they are continuous and evolving because of the ever-increasing shift towards digital.
Over 98 percent of UK security professionals have reported an increase in cyber-attacks against their businesses in the past year. A further 96 percent say those attacks have become more sophisticated. This shows the need for constantly-evolving UK cybersecurity.
Businesses must also look beyond external threats to identify all their cybersecurity issues. Vulnerabilities in core systems, particularly those holding sensitive customer data, are easily exploitable by malicious outsiders and employees. But the biggest risk associated with your people isn’t malicious activity -- it’s accidental human error. An estimated 95 percent of all cybersecurity incidents begin with human error.
With such a wide-reaching attack surface, it can be difficult to identify the cybersecurity issues within your business. Here are our top tips for identifying and addressing the security risks associated with your organization.
Address the vulnerabilities in your systems
The two most common methods cybercriminals will use to target your organization are phishing and malware. Phishing attacks steal login credentials for your business-critical systems, while malware is malicious code installed at a software, device, or server level to infect your network.
If you’re not patching your systems, you’re giving hackers the opportunity to infiltrate them. It’s the age-old ethos of locking your front door and windows when you leave your house; you need to take basic steps to secure your business. If most of your machines are operating on unsupported operating systems such as Windows 7, it’s like leaving your front door open when you leave.
Attacking such operating systems isn’t a new trick, but it’s effective. This is especially true in the case of Windows 7, which holds a 25 percent market share of all operating systems despite its unsupported status. Hackers are exploiting this by targeting users with a password-stealing malware disguised as a Windows 10 upgrade prompt.
Because end of life (EOL) operating systems get no security updates, it’s critical that your operating systems are up-to-date. Your IT team, or managed IT services provider, should be aware of any vulnerabilities in the current versions of your software and apply patches as quickly as possible.
Secure your remote workforce
For businesses that hadn’t embraced remote working before March 2020, the sudden shift caused chaos. From scrambling to buy laptops to implementing collaboration software, it wasn’t plain sailing. For that reason, the cybersecurity risks that come with a remote workforce probably weren’t addressed immediately.
Businesses that have successfully implemented remote working, but haven’t yet dealt with security issues, should address the following as a matter of urgency:
- Employees working on sensitive data using unsecured home WiFi networks
- The use of personal devices to carry out work duties
- An increased risk of employees clicking on malicious links and files
- Staff not installing security patches
Some of these risks will require updates to your technology. It’s best practice to equip your employees with their own portable work devices, including laptops and mobile devices if necessary. But if that’s not possible, you can install easily deployable cloud computing solutions to secure their sensitive documents.
The final step in securing your workforce comes in the form of education. By helping your people understand the risks associated with working from home, you can instill good remote working practices in them.
Test your staff knowledge levels
It’s not only remote workers you should educate. Your workforce represents the biggest attack surface in your business. Each individual is an entry point for hackers, as well as a risk for accidental human error.
Verizon research shows that 94 percent of all malware detected on business computers came from a malicious email. That means if your employees aren’t trained to spot suspicious emails, they’re at a high risk of falling victim to a phishing scam or malware attack. That jeopardizes your business.
Training is essential to equip your employees with the skills and confidence to identify malicious emails and protect your business. You can buy online training packages from reputable organizations or, if you outsource your IT support, utilize your provider’s expertise.
Once you’ve trained your employees, you can test them to ensure they’re putting their learning into practice. There are a number of tools you can use to simulate phishing attacks, with reports showing you which members of staff fell victim. The staff who click links in the emails are directed to educational resources to further improve their knowledge.
Very few businesses will be completely free of cybersecurity issues. Even those who go to great lengths to protect their organization from digital threats are never 100 percent safe. But that doesn’t mean you shouldn’t take responsibility for your IT security. Regularly identifying and addressing the threats to your business with a cybersecurity risk assessment is best practice. By looking beyond the external threats of cybercriminals and addressing existing issues, you’re giving your business the best possible chance of survival.
Image credit: BeeBright/depositphotos.com
Steve Osprey is Microsoft Solutions Director at TSG.