As we consider the importance of security during this 20th annual Cybersecurity Awareness Month, let’s look at some of the ways many organizations err in their approach to this vital aspect of their business. Chances are, your company could be falling into one of these traps too.
In the latest episode of our Digitally Transformed cybersecurity podcast series, Infused Innovations CEO Jeff Wilhelm and host Justin Starbird discuss some of these common cybersecurity mistakes. Here’s a list of things you don’t want to do in your security approach, and how to fix it if you’ve gone off track.
1. Put off security because you can’t afford it
Some organizations, especially smaller ones and startups, may think great cybersecurity doesn’t fit into their limited budget. But time and time again, companies come to realize the hard way that the price of a breach is much higher than the cost of defending against one. Think of it like insurance—while you may hope you won’t be attacked, the safer bet is to be equipped if you are, because what you really can’t afford is that unfortunate and devastating situation.
Moreover, cybersecurity doesn’t always have to be expensive. There are beneficial steps you can take that will improve your security posture with just some education and advice. And something like Infused Innovations’ Zero Trust accelerator can get you protected quickly without an excessive ongoing cost. In any case, whatever steps you take to strengthen your security are better than doing nothing, so don’t let budget constraints paralyze you from taking action.
2. Overlook tools you’re already paying for
Some company leaders are so busy running their businesses that they don’t even realize they’re not using security tools they already have at their disposal. For example, common Microsoft 365 business licenses already include 50-75% of the most important defenses, but they have to be toggled on and configured. If you don’t have a specialist looking at these things, you may not be taking advantage of many of the resources you’ve already paid for.
3. Piece together 20 different vendors
When it comes to security solutions, more is not always better. This is particularly the case when you’ve purchased tools from a variety of different vendors who don’t speak to each other or integrate. Envision an attack scenario: it may take 30 minutes or more just to ingest information and correlate events for your security team to be alerted. Then, needing to check various places and coordinate between different tools slows the team’s response down. The investigation across a complicated web of solutions can take an hour, an hour and a half…meanwhile, the attacker has already had time to do some serious damage. On the other hand, a streamlined, comprehensive, automated system (especially one supported by machine learning) can respond to a threat in three minutes or less.
Paring down some of these unnecessary solutions and instead making better use of available tools you may have overlooked can save you crucial time in the event of an attack and lower your costs. That’s awesome news if you ask us!
4. Skimp on training your employees
Your whole organization should be on board in your cybersecurity defense—if they’re not, you’re drastically increasing your chances of an attack becoming successful. Up to 95% of company breaches are related to misguided actions on the part of internal employees, such as falling prey to attackers’ lures due to lack of training. This is a low-cost way to fortify your protection by educating your team about what to look for, how to respond, and why they need to incorporate security as a priority across the organization’s work.
Improper understanding of IT processes can also lead employees to engage in shadow IT, which is when they attempt to solve their own problems because they feel that it would be too time-consuming to reach out to IT administrators. This can end up creating bigger vulnerabilities as changes are made without the knowledge of the security team. Informing users of the right workflows and processes regarding technical issues can help protect against this vulnerability.
5. Check the box and go for cake
Some company leaders may set up a firewall or anti-malware software and then think they’re good to go. It feels great to check off an item on a to-do list, but that’s not how cybersecurity works, especially in today’s dynamic climate. While you’re relaxing in the break room with a slice of cake, satisfied that you’re done taking care of security, a sophisticated attacker may be capitalizing on your already outdated approach.
If you’re not a big cake eater and instead prefer a train analogy, think of it this way: Have you ever sat in a car or train and had the sensation you were moving backwards as a faster train sped by? Like time and motion, advancements in cybercrime and security are relative. Those malicious actors are always gaining more powerful insights and tools, so if you’re not doing anything, you’re moving backwards in relation to your threats.
Don’t worry—cybersecurity mistakes can be avoided
All of this can be a lot to think about, of course—and the effects of not thinking about it can be scary. If you’re busy running your business and need to put your cybersecurity setup into trusted hands, we’re here to help. From simply advising you on how to make better use of your available resources to deploying the most comprehensive and streamlined solutions for you, we can make your process easy.
For more cybersecurity tips and to hear how our clients have improved their security postures while cutting costs, listen to our latest podcast in the series.