by CyberTest
Posted on March 27, 2020
1. Lack of employee training on cybersecurity
Not training your employees about cybersecurity can come back to bite you later. You don't need to
go to extremes or spend a lot of money on training, especially if you are a small business. Just a few of the tips below,
communicated to your employees regularly, can save your company time and money in the future.
Tip:
Train your employees not to click on malicious links. If you receive an email from outside your company,
take extra precautions and review it carefully. Hover your mouse over the link or button to see
where the URL actually leads. If you are not sure, it is best to ask your admin or someone technical to verify it.
Tip:
Avoid improper handling of confidential or sensitive documents. All physical documents that are confidential or sensitive
should be kept in locked cabinets and shredded once they are no longer needed. A lot of sensitive information is
exposed because documents were not properly shredded or were handled carelessly, for example by leaving them
on an office desk before going home or using them in public places.
2. Unpatched systems and out of date computer networks
It takes time and effort to keep operating systems and software up to date with patches, but it is one of the most
important security requirements for reducing business risk. The same applies to old or unpatched firewalls and
routers. Here are a few tips to help you improve your systems and network security.
Tip:
Check for OS and software updates frequently if they are not installed automatically. Always install security patches
and hotfixes promptly to make sure you are not vulnerable to exploits that are already public.
Tip:
Run a vulnerability assessment scan of your network every few months to make sure there are no new
vulnerabilities in your systems and networks. If this can't be done by your own team, you can hire a third party
to do it for you. For example, CyberTest has been helping businesses for many years to check that their firewalls and
networks are secure and sound. Any vulnerability found will need to be addressed to improve your company's
security posture and minimize risk. CyberTest, with over 20 years of cybersecurity experience, offers an affordable
but comprehensive assessment that can assist you with this if needed. The bottom line is to find security issues
early and address them before hackers know about them.
3. Weak passwords and reuse of the same passwords across accounts
Using weak passwords for your accounts can lead to account takeover, and if a data breach occurs the passwords can be brute forced.
As a business owner you should make sure all your passwords are strong and not reused across other accounts.
Here are a few tips to help you keep your accounts secure and safe.
Tip:
Make sure your passwords are long and unique. An 8-character password is the minimum length; however,
NIST's new password guidelines 800-63-3 now recommend long passphrases in lieu of complex passwords with
special characters. So we also recommend creating unique passphrases that are at least 12 characters long but easy
to remember.
Tip:
Check your passwords against a breached-password list. You can use https://haveibeenpwned.com/Passwords
Tip:
Do not reuse the same password or passphrase across accounts. Instead, use a password manager to store all your
different passwords; then you only need to remember one master password to unlock your password manager vault.
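As an added example (not code from the original post), the Python below combines the two tips above: it rejects passphrases shorter than 12 characters and looks the password up against the Pwned Passwords corpus behind haveibeenpwned.com using its range API, which takes only the first five hex characters of the SHA-1 hash so the full hash never leaves your machine. The API response embedded here is constructed sample data with made-up counts so the check can be run offline; pass the default fetcher to query the live service instead.

```python
import hashlib
import urllib.request

MIN_PASSPHRASE_LENGTH = 12  # the post's recommendation
RANGE_API = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords k-anonymity endpoint

def fetch_range_online(prefix):
    """Fetch the 'SUFFIX:COUNT' lines for a 5-hex-char SHA-1 prefix from the live API."""
    req = urllib.request.Request(RANGE_API + prefix, headers={"User-Agent": "passphrase-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch_range=fetch_range_online):
    """Return how often `password` appears in the breach corpus (0 if never).
    Only the first 5 hex chars of SHA-1(password) are sent; the remaining 35 are
    compared locally against the returned suffixes, so the full hash never leaves."""
    sha1 = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = sha1[:5], sha1[5:]
    for line in fetch_range(prefix).splitlines():
        if ":" not in line:
            continue  # skip blank or malformed lines
        candidate, count = line.strip().split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0

def check_passphrase(password, fetch_range=fetch_range_online):
    """Apply the post's two tips; returns a list of problems (empty means it passed)."""
    problems = []
    if len(password) < MIN_PASSPHRASE_LENGTH:
        problems.append("shorter than %d characters" % MIN_PASSPHRASE_LENGTH)
    count = pwned_count(password, fetch_range)
    if count:
        problems.append("seen %d times in known breaches" % count)
    return problems

# Constructed sample response for the prefix of SHA-1("password"), in the API's
# line format. The counts are made up; a real response has hundreds of lines.
_SHA1_PASSWORD = hashlib.sha1(b"password").hexdigest().upper()
SAMPLE_RESPONSE = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    _SHA1_PASSWORD[5:] + ":123456",
    "1E2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8:2",
])

def fetch_range_offline(prefix):
    """Stand-in for the network call so the example runs offline."""
    return SAMPLE_RESPONSE if prefix == _SHA1_PASSWORD[:5] else ""
```

`check_passphrase("password", fetch_range_offline)` reports both problems, while a long passphrase that is absent from the sample corpus returns an empty list.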
4. Lack of vulnerability assessment and penetration testing
One of the best investments a business that operates online can make is to have penetration testing conducted on
its systems, applications and network. Finding security issues early can help improve your business security and
save the company time and money in the long run. A third-party independent cybersecurity company like CyberTest
can conduct ethical hacking and penetration testing on your business assets to find any weakness and help you
harden your security before hackers find and exploit it. One of the challenges for small businesses is the cost of
penetration testing; however, CyberTest offers affordable prices and provides discounts to startups while
conducting comprehensive testing and ethical hacking. We offer both ad-hoc and more frequent testing as needed.
Here are a few tips.
Tip:
Conduct the security assessment yourself or hire a third party to do it for you. If you have had one done already,
then to stay up to date with the latest threats and vulnerabilities you should repeat it at least once a year or whenever
a new asset needs to be tested.
5. Unencrypted devices and data theft
Sometimes we focus so much on online security that we forget about local device security. However, securing your
devices like laptops, tablets and even desktops is crucial to business security in case one is lost or stolen.
Tip:
Windows users can use BitLocker drive encryption to encrypt the drives that contain sensitive data.
Make sure you save the recovery key in a safe place like your password manager or a vault. Mac users can
use FileVault to encrypt their drives. With drive encryption in place you can be confident that if a device is lost or stolen, the thief
can't read the data from drives encrypted with BitLocker or FileVault.
Tip:
Any storage where you back up your data should also be encrypted, using either file-level encryption or drive-level
encryption like BitLocker or FileVault. You don't want unencrypted backups to be your weakest link.