This is Part One of a three-part blog series on virtual security.
Cyberattacks worldwide jumped by a staggering 48% between 2013 and 2014, according to the 2014 PricewaterhouseCoopers Global Infosec Survey.
Based on statistics like these – and on some of the hair-raising practices we’ve seen in our years doing IT security audits and consulting – we’re comfortable saying that most companies should be very worried about virtual security.
Beware these everyday security mistakes. We see them over and over again. If your company is making any (or all) of them, consider yourself extremely vulnerable to hacking. Data theft. Revenue theft. PR disaster. Customer exodus.
Read on to find out what these common security mistakes are and what you can do next. Before it’s too late.
Security Mistake #1: Overlooking social engineering.
Does your company specifically train employees on social engineering? That is, what it is, how to recognize it and how to handle it?
Social engineering is a commonly exploited threat vector, especially now that LinkedIn, Facebook and other social networks make it trivial for an attacker to piece together internal details about your company.
Phishing via email is the most common social engineering vector we see. It’s dangerous because so much information can be gleaned – and stealthy malware can be transmitted – in emails that appear legitimate to end users.
Security Mistake #2: Assuming you haven’t been compromised.
Many people assume that if they haven’t been personally alerted of suspicious activity– the bank flagging an unusual transaction, say, or your IT department noticing something odd – then they’re in the clear.
But the truth of the matter is that, in the past two years, whether you know it or not, you have likely done business with a company that has been compromised. And sophisticated attackers can penetrate a poorly secured network while barely causing a ripple.
If you don’t have active credit and fraud monitoring mechanisms in place and your accounts do get compromised, untangling the mess could take months and the financial and reputational impacts could persist for years. According to the 2015 Cost of Data Breach Study conducted by the respected Ponemon Institute, the average total cost of a breach is $3.8 million.
Security Mistake #3: Assuming you’re too small to be a target.
Small businesses, you’re not off the hook here. People ask us what industries and business sizes are at risk. Our answer? Everybody is at risk.
It used to be that hackers would go after big-dollar, enterprise targets and then get out fast – call it the heist approach. More government regulation and oversight, especially in in retail (think Target Corporation, Home Depot), have chased hackers into different territory. So the new black-hat strategy is to hit many small companies for a little bit of money on a regular basis and hope they don’t even notice.
Stay tuned for Part Two of our blog series on virtual security. In the meantime:
- Read this post: Full-Spectrum IT Security [CHECKLIST]
- Watch our Executive Briefing Series
- Check out Involta’s security services, including security assessments and managed security
Involta offers multifactor assessment services designed to test and strengthen your security, including security assessments and vulnerability scans.