Cyber security threats change almost by the minute – and now that so many workers are remote, companies are having to overhaul their cyber resilience strategies. Not only are remote-work settings often less secure, they allow for a trojan-horse approach to gaining access to company assets, as well as those of your business partners.
While cyber resilience can require some complex policies and solutions, many of the best ways to improve your cyber security come down to avoiding a few common mistakes:
Assuming Trustworthiness: Historically, networks assumed that a device or user was trustworthy unless they proved otherwise, but that was in the days when a firewall kept unwanted traffic out of the WAN (wide area network) and users were all stationed at headquarters. Things are a bit different now, with cloud environments sending data across potentially unsecured pathways and workers logging in from home or on the road.
Implementing a zero-trust approach to company assets is a way to put context around access. This means that employees can utilize only what they need for their jobs, and it assumes all devices and users are untrustworthy until proven otherwise.
Deprioritizing Training: Your employees should be trained to recognize a phishing email and to know what to do when they receive one. Once they understand the economic impact, as well as the potential impact on their particular jobs, they will be more inclined to identify a phishing email accurately and respond to it correctly.
Employees can also be trained in areas like password integrity and device security, as well as the dangers of shadow IT.
Only Doing On-Site Backups: A backup is a helpful tool in the case of a breach, restoring data and systems quickly after the attack. But many companies make the mistake of only investing in on-site backup technology. A backup stored in the cloud not only protects against a breach that affects your on-site systems, but it’s also helpful in the case of a natural disaster that wipes out your on-site backup.
Going Cheap on Payment Processors: A good step in pursuing cyber resilience is ensuring that your third-party payment processor adheres to the Payment Card Industry Data Security Standard (PCI). A few companies allow merchants to not be PCI-compliant, but you need to have your eyes wide open. If there’s a breach, you’ll be stuck with the bill. A breach runs a minimum of $80,000 for each incident when you are not PCI-compliant.
Expecting to Get Your Data Back: If you are the victim of a ransomware attack, you may be tempted to pay the money just to get your data safely back in your hands. But don’t expect that hackers will suddenly adhere to a moral code simply because you paid them. You likely won’t get your data restored, or it may be only partially returned to you or encrypted in a way that makes it inaccessible. The hackers may even try to get you to pay more for access.
While these are common missteps in a cyber resilience approach, there are things you can do to improve your positioning against hackers. Tools like multi-factor authentication, continuous monitoring, and secure access service edge (SASE) can help protect you against a breach. To learn more about leveraging the best technology for cyber resilience, contact us at Safari Solutions.