After it was revealed almost nine in ten cyber-attacks are caused by human error, experts have named five ways organisations can guard themselves against staff mistakes.
IT experts from HostingSystems.co.uk have issued a warning to UK businesses after it was revealed 88% of cyber breaches were caused by preventable employee mistakes.
Now they have named the five most common, and easily preventable, mistakes made by businesses which could leave them exposed to criminals.
The majority of businesses encounter a security breach due to unsecure systems which have often been left running outdated software.
But with the cost of cybercrime to the UK economy estimated to be around £27 billion, organisations should ensure teams are trained to update systems and keep cybersecurity front of mind.
Since the pandemic, Cloud services and applications have aided the transition to remote working and drastically improved how businesses operate.
However, the experts from HostingSystems.co.uk say organisations who have made the transition without proper cybersecurity management in place could be leaving the backdoor open for criminals to exploit.
Weak passwords are one example of poor security which can leave corporate cloud services defenceless against automated software used by hackers to test weak passwords against accounts.
The storage and sharing of data must follow GDPR legislation which means data owners must undertake risk assessments and vetting to ensure that the location in which their data is stored will be secure and that there is no chance of a breach.
Unless there is clear evidence of negligence from the cloud service provider, investigators usually find data owners to be at fault because of internal misconfigurations.
Juliet Moran, founder of HostingSystems.co.uk says that although cloud providers manage business-sensitive data in their system with complete security measures, business leaders are ultimately the owners of the data and must take care of some measures to protect it from external threats.
She said: “Cyber attacks are costing firms billions every year so many business leaders may be shocked to learn the majority can be blamed on preventable human error.
“Businesses are responsible for their infrastructure, so the data owner is almost always liable for security breaches unless there is evidence the cloud service is responsible.
“A breach can result in the compromising of data from within the organisation, so businesses utilising cloud services must ensure that internal processes, policies and processes are watertight.
“It is also important that decision-makers within a company vet cloud services and explore their options before choosing to store data with them, to ensure they are secure and have suitable privacy measures.
“With the incorrect security measures in place, such as insufficient credential management and poor network security, businesses are putting themselves at risk.
“The cloud is now a fundamental part of modern businesses because of how it has helped to transform processes, cut costs, streamline data and create easily accessible work environments.
“Data stored in the cloud is encrypted and most providers have built-in threat detection software, so as long as companies introduce proper security measures, solutions and procedures to ensure risks are minimised, there is no reason to still be relying on physical data and servers.”
Here are HostingSystems.co.uk tips to avoid making common cloud security mistakes:
1.Make sure passwords are secure
IT departments with poor password security are putting the business at risk of cyber security attacks. Weak passwords that have under 14 characters, with no capitalization or special characters become vulnerable to cyber attackers who can use automated software to test weak passwords. For this reason, it is important to stay clear of basic and common passwords, as well as avoid password reuse across multiple accounts. This will prevent hackers from being able to use the same password to get into other corporate cloud services or programs.
2.Make sure to monitor networks
Employees dealing with the cloud should have an understanding of the system and how to detect if there is suspicious activity. It may sound simple, but systems that are not managed properly have weak spots that will be more vulnerable to attackers trying to access the system. Business leaders should share best practices so that people can spot an adversary and report it before damage is done. It is also important to be able to check that the network security is strong enough to be resilient against attacks, regularly review and update access controls and amend security settings because it is easy for users to misconfigure assets leaving vulnerable spots.
3.Don’t rely solely on the cloud providers
After making sure that a provider is reliable, businesses must work on creating a system to ensure that they keep their cloud system secure. Businesses have a responsibility to take the necessary precautions and steps to address any infrastructure issues to protect the security of the cloud. Although the misconception around data responsibility is somewhat understandable, business leaders should be doing their research into GPDR legislation before making the switch.
4.Add an extra layer of security
Organisations should implement strategies to protect themselves. Whether that be a data-recovery strategy that enables them to manage storage and requirements simply and easily, by re-evaluating how many employees have access to the cloud, or by adding multi-factor authentication. Methods should be used around the wider organisation that are going to stop vulnerabilities. It is also essential to educate employees as to why these measures are so important and how to use them effectively.
5.Keep systems up to date
It is important to always keep cloud software up to date because outdated software is much more vulnerable to attacks and malware infections. Cybercriminals can scan for outdated software and gain unauthorized access to launch attacks and steal or compromise sensitive data. It is vital to maintain and patch systems, and organisations should make sure they are always on top of updates that are important to their security.
