August 4, 2017
Many businesses recognize that cyber attacks are a growing threat and they prioritize cyber security. They update software regularly, maintain their infrastructure and implement security measures to help thwart malicious attacks. They set up password-protected access to computers, software, and apps so only authorized people can get in. They have their employees regularly change passwords. But is everything that they do enough?
3 Problems with Cyber Security
Every day you log on to your devices, software, and apps. You access sensitive data that is password protected. Do you trust that your password and access are safe, or do you cross your fingers hoping that there are no gaps in your cyber security?
With more companies requiring unique passwords, it's hard to keep memorizing them. Then there are the changes. With each request to change a password, users tend to make only a slight revision to the previous password, and it is estimated that this makes the new password weaker. In addition, users get frustrated because it's not easy coming up with new passwords every couple of months. The result is that the password becomes more predictable.
As an added authentication method, companies may add security questions. With everything on the internet, how safe are these questions? Do you really think a cyber criminal won't be able to get your mother's maiden name, your zip code, or even the name of the middle school you attended?
According to a Microsoft user study that measured the reliability and security of these questions, acquaintances guess the correct answer 17% of the time, and 13% of the answers can be guessed within 5 attempts using the most popular answers. Even dynamic questions, such as asking about the last payment amount, can be guessed. A large margin of error is allowed for these questions, and if the amount is consistent every month or within the vicinity of where you live, it is easier to guess.
Insufficient Executive Support
The truth is that one of the main reasons for gaps in your cyber security is insufficient executive support. Awareness and education are significant when it comes to being prepared for a cyber attack. The question is no longer whether your business will be attacked, but when.
It is critical that executives understand and invest in the appropriate preparations. For example, ransomware attacks are on the rise and are increasingly targeting small businesses. Attackers don't distinguish between industries; every industry from medical to engineering to retail to real estate to government agencies is at risk. When ransomware strikes, you'll have a hard decision to make: pay the ransom or spend multiple days recovering locked files from backups. In many circumstances, businesses aren't prepared with the appropriate security and monitoring, and don't have the proper backup already in place.
Lack of Communication
The Ponemon Institute prepared a great report on this subject, based on a survey of 674 IT and IT security professionals: Cyber Security Incident Response – Are we as prepared as we think? In this survey, lack of communication is cited as a major problem. Only 12 percent of survey respondents indicated that their organizations share cyber threat information with industry peers. Yet, 43 percent could produce unique intelligence from investigations of attacks against their organizations. In another related survey, only 20 percent of respondents indicated that executives in their organization were frequently briefed about cyber security threats to their organizations.
Cyber security isn’t perfect. As we continue to see cyber breaches in the news, we are reminded there are gaps. To understand how well prepared your organization is in handling these incidents, Boost IT can evaluate your system and implement our managed security package easily with no downtime to identify gaps and address issues, and block ransomware to help reduce your risk. We’ll work with you to make sure only authorized people can access your system and to provide appropriate backup and data recovery so you can make the best decisions in the event of a cyberattack. For more information, contact us at 404-865-1289.