Sign up for our Newsletter
Keep up to date with the latest IT news, tips and guides from Dragon IS and sign up here:
Weaknesses in your business’ IT systems and cybersecurity are something that criminals will be only too happy to exploit. Indeed, they will actively be looking for ways ‘in’ and that includes using increasingly sophisticated scams to try and dupe unsuspecting employees.
In this guide to the top cybersecurity weak spots, we’ve taken a closer look at some of the most common ways cybercriminals are successful infiltrating business IT systems, and what you can do to avoid your company being an easy target.
Getting on top of cybersecurity weaknesses
You may not realise it, but many of the actions and inactions you take part in every day (often on autopilot) could be responsible for some of the biggest cybersecurity weaknesses within your organisation.
For instance, the software you use and the way you log in to your computer networks are just two cybersecurity weak points criminals can exploit to get inside your IT systems – particularly if you fail to keep on top of system, security and software updates.
Connecting to an unsecured open network – like taking up the tempting offer of free Wi-Fi when you visit a café or public area – can also present a heightened risk to your cybersecurity. As does using the same easily guessable password across multiple accounts and failing to enable two-factor authentication wherever it is available.
But cybersecurity weaknesses aren’t just restricted to the technology your business uses. Your employees are actually one of the biggest threats to your cybersecurity, with employee error being a leading cause of breaches and businesses finding themselves the victim of cybercrime.
How does employee behaviour impact cybersecurity?
Employees present a risk to your company’s cybersecurity because…. they’re human! This means they’re capable of acting without thinking, being duped and making mistakes – traits that a cybercriminal can capitalise on. And with criminals getting more and more sophisticated and the scams ever more complex, it’s not always easy to spot that something isn’t right.
Employees are also a cybersecurity weak spot because they’re trusting, well-meaning, and keen to do a good job. While these are great qualities in an employee, an eagerness to perform is also a vulnerability that savvy cybercriminals can manipulate.
Often when a system breach occurs as a result of employee error it takes a little time to uncover this as the source. That’s because most employees whose actions lead to a cybersecurity breach, are usually completely unaware that they’ve done anything wrong.
What is social engineering?
Social engineering is the name given to cybersecurity attacks that prey on humans. These types of cybersecurity scam target their victims using three common methods of communication:
– Email (phishing)
– Text message (smishing)
– Phone call (vishing)
In each case, a cybercriminal will attempt to trick an employee into clicking on a malicious link or volunteering sensitive information, such as a username and password, by pretending to be from a legitimate organization, such as a bank, the Post Office, HMRC or another recognisable company.
They’ll target employees with a carefully worded communication that usually includes a time-sensitive call to action, such as the need to log in via a link supplied in the text or email.
Some social engineering attacks even masquerade as a contact from within the company itself, such as the CEO, or someone from the HR or IT department, duping employees into revealing personal details or sensitive login information.
Unfortunately, social engineering is a numbers game and all it takes is one employee for this scam to be successful. It’s such a weak spot in cybersecurity in fact that even major multinational corporations like Uber have fallen victim to social engineering attacks in recent years.
Steps to take to improve your cybersecurity weak spots
1. Educate your employees about the existence and consequences of social engineering scams like vishing, smishing, and phishing through consultations and employee training. Include advice that details what employees should do if they feel they’ve been the target of an attack.
2. Update any software installed on your business hardware like desktop PCs, laptops, and company issued smartphones so they’re running the latest available versions. This will ensure that all security patches are up-to-date and working correctly.
3. Put in provisions that make it mandatory for employees to update their passwords regularly – for example, once a quarter. Make it so that passwords must include a unique combination of upper and lower case letters, special characters, and numbers.
4. Enable some form of two-factor authentication on your IT networks and all password-protected applications employees need to do their job.
5. Ensure employees can only access internal drives and networks using a VPN (Virtual Private Network).
6. Immediately change all your login details – company wide – in the event of an attempted or successful cybersecurity breach on your IT systems.
7. Stop using any programmes or applications that are no longer supported by the developer. Out of date apps are a big cybersecurity risk to your businesses that are commonly targeted by cybercriminals.
8. Always use encrypted and security-protected cloud back-ups to store all files and sensitive data your company holds copies of.
9. Outsource your IT, or aspects of it (like cybersecurity) to a reputable, vetted and trusted, external IT services provider.
For more advice about how to protect your business from a cybersecurity breach, or to discuss your outsourced IT needs, contact our Dragon IS experts on 0330 363 0055 or email us at firstname.lastname@example.org for a free no-obligation chat.