Cybersecurity Needs for Businesses
Connected technology, Internet-enabled (IoT) devices and other digital services each come with their own security risks. But when used in concert with businesses and their data, these technologies can present more substantial cybersecurity risks than those used for personal use.
Vendors, suppliers, partners and other third-parties associated with your business can also increase your risk for a data breach. Consequently, businesses have spent millions on cybersecurity solutions to combat the risks of the multitude of online, data-driven business services.
Businesses must prepare for the added cybersecurity risks that come with connected technology. But aside from new tech, businesses must also be willing to emphasize cybersecurity awareness and education along with their stringent security protocols.
Data Breach Domino Effect
A common misconception is that small businesses are “too small” to be targeted in cyberattacks. It’s not surprising since larger companies typically store data priced higher on the Dark Web than data from smaller organizations.
However, fraudsters often target small businesses as a way into larger companies simply because it’s easier to breach a smaller company with fewer security and IT measures put in place. The Ponemon Institute found that 56 percent of all 2017 data breaches originated from third-party attacks
A well-known example of a supply-chain attack was Target’s 2014 data breach that affected over 110 million customers. The cybercriminals responsible for the attack accessed Target’s main systems through an HVAC vendor with lax security.
Cybersecurity Tools for Business
Online and digital tools for business have become common staples in virtually every industry. Bring Your Own Device (BYOD) policies, login authentication processes, password managers and data backup services have become stock items in any business security plan.
While these tools are designed to secure sensitive business data, accounts and networks from cybersecurity threats, human error still plays a major role in a business’ overall security. Therefore, an effective business cybersecurity plan will focus on awareness and prevention in addition to proper configuration.
More than half of data breaches are caused by weak or stolen passwords. Password managers, first geared toward consumers for personal use, are now a crucial business tool – especially for teams that share access across multiple business accounts.
Dimensional Research found that 42 percent of companies had some type of password vault for their general users. However, the downside of password managers within businesses can be seen when they are not used effectively, consistently and with best practices in mind. Therefore, it’s imperative that your employees and other business users first understand the risks associated with weak or shared passwords.
Single Sign-On Capabilities
Single sign-on (SSO) is a login mechanism that links one set of login credentials to multiple online accounts. Unlike password managers that store credentials for your online accounts, SSO gives you one credential pair to access them all.
Businesses often implement SSO as a convenience feature for employees, clients and customers. In fact, SSO capabilities allow faster, more efficient user logins, as well as optimize business processes like employee on- and off-boarding.
With SSO, administrators can activate or deactivate user access to all business accounts from one place, ultimately decreasing the likelihood of unauthorized access to your secure business accounts. But the convenience of SSO may be at the cost of your account security, especially if your users are not creating strong, unique passwords.
Without understanding the risks of creating and reusing weak passwords, this convenience feature can be quite damaging to a business. Fraudsters could potentially access not one, but all accounts linked via SSO with just a single pair of login credentials.
Cloud Storage & Online Backup Services
Most of today’s businesses utilize cloud storage and online backup services simply because most data can be accessed through online or digital channels. Services like Amazon Web Services (AWS), Microsoft Azure and Verizon Cloud Compute address the business need for convenient data storage and management tools (and let’s not forget how much space you save by storing it all on the cloud!).
Data breach reports in the news may give cloud storage services a bad name. Two major data breaches in 2017 – Alteryx and Deep Root Analytics – were reportedly tied to cloud storage services.
However, further investigations found that both incidents were due to misconfiguration, allowing public access to millions of sensitive business records. Again, another example that illustrates how awareness and education can often be your best defense against cybersecurity risks.
Alteryx & Deep Root Analytics Data Breaches
The Alteryx data breach that exposed 123 million American households was not caused by a malicious hack. Instead, the files were uploaded to an AWS server and configured to allow any AWS “authenticated user” to view and download the data.
The Deep Root Analytics data breach from earlier this year, affecting 200 million U.S. voters, was also caused by human error. The names, birth dates, addresses, phone numbers, voter registration information, ethnicities and religious affiliations were found in a file uploaded to a publicly-accessible cloud server.
What should I do?
Most, if not all businesses, use at least one digital or Internet-enabled service. As such, companies of all shapes and sizes can use the tips below to help improve their overall business cybersecurity:
- Regularly review your third-party security policies. In fact, Ponemon Institute found that evaluating the security and privacy policies of all your suppliers could decrease the likelihood of a data breach by nearly 20 percent.
- When in doubt, opt for security over convenience. Digital services are often associated with efficiency and convenience. However, they can also leave you and your business vulnerable to cyberattacks and other online threats. Be sure that you are not trading security for convenience.
- Emphasize awareness and education with your employees and other business users. Even with the best tools put in place, don’t forget that human error still plays a major role in business security incidents.
Continue following Fighting Identity Crimes for the latest breach and scam updates, ID protection news & tips from our industry experts.
Follow us on social media!
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.