Avoid These 10 Cybersecurity Blunders

In today's digital world, small and medium businesses often think they're too small to be targets of cybercrime, but that's a dangerous myth. The truth is that cybercriminals see smaller businesses as easy prey because they often lack the robust defenses of larger enterprises. With ransomware attacks up by over 200% and phishing scams becoming more sophisticated [Microsoft Digital Defense Report 2023], it's never been more critical to get your cybersecurity game on point. Below is a list of common mistakes many businesses make and how you can avoid them to keep your own business safe.

TLDR

1. Train your employees on cybersecurity basics

2. Enforce strong password policies and go passwordless when able

3. Do not ignore software updates, rip that band-aid off as soon as possible

4. Test your backups, have backups if you don't already, but test them.

5. Don't forget about Mobile Devices, they need protection too

6. Beef up your network security, segment-segment-segment

7. Monitor security alerts, make sure you stay on top of them

8. Upgrade your software, bit the bullet and get it done, maintaining the old is going to hurt you in the long run

9. Lock your doors and windows, that server running in the closet that people put their winter boots on, not a good idea, especially if it's running your crown jewels

10. Have plans for any incidents and make sure your employees and teams know what to do when something bad happens

If you're worried about the cost, ask yourself this: would you rather invest in these preventive measures now or face the potentially crippling expenses of a cyber breach? Imagine losing everything and being unable to restore production because your backups failed, and no one knows how to respond. The initial cost of proper security measures pales in comparison to the financial and reputational damage of a full-scale breach.

Common Cybersecurity Mistakes and Solutions

1) Lack of Employee Training

• Problem: Sure, we can throw tech solutions at problems all day, but let's be real—teaching humans is the hard part. Cybercriminals know this and target people as the primary entry point for attacks. Social engineering tactics like phishing, smishing, and vishing are getting more sophisticated, making them the top human risks.

• Solution: You need a solid security awareness program that's more than just a checkbox exercise for compliance. This means regular, engaging training sessions that go beyond the basics and keep employees up to date on the latest threats. The goal is to create a security-conscious culture where everyone knows how to spot and avoid these scams. It's not just about a yearly meeting; it’s about continuous learning and behavior change.

• Check out this article I wrote that talks about options for end user cybersecurity training: Cybersecurity Training Programs: Empower Your Employee

2) Weak Password Policies

• Problem: Weak or reused passwords are still a huge problem for many businesses. Even with all the tech advancements, a lot of organizations stick with outdated password habits, making them easy targets. The Microsoft Digital Defense Report 2023 (MDDR) points out that password-related breaches are still a major issue, with cybercriminals taking advantage of simple or compromised passwords to break in. The SANS Security Awareness Report 2024 also highlights those human errors, like poor password practices, are a big risk factor​.

• Solution: To up your security game, start by implementing Multi-Factor Authentication. It's a game-changer that adds an extra layer of protection and can stop 99% of attacks. Next, use a password manager like Bitwarden or 1Password to generate and securely store strong, unique passwords, helping you avoid the bad habit of reusing passwords. Get an Enterprise version if you have a team so that you can collaborate and share access. Finally, make sure your team knows why strong passwords matter (refer to point 1) and enforce policies requiring complex passwords and regular updates​. These steps are crucial for preventing unauthorized access and strengthening your overall security.

3) Ignoring Software Updates

• Problem: Skipping software updates is like leaving the front door unlocked. It’s an open invitation for cybercriminals to exploit known vulnerabilities. When you don't update your systems, you're missing out on critical security patches that protect against threats. Cyber attackers are constantly evolving, and outdated software is a prime target for their exploits. The Microsoft Digital Defense Report 2023 emphasizes that unpatched vulnerabilities are one of the most common ways systems get compromised​. Failing to update can lead to serious consequences, from data breaches to ransomware attacks, costing your business time, money, and reputation.

• Solution: Keep your systems and software up to date, plain and simple. This means enabling automatic updates wherever possible and regularly checking for updates on systems that require manual intervention. Make sure you're leveraging advanced security features like Hypervisor-Protected Code Integrity (HVCI), which helps protect against malware, and Smart App Control, which blocks unauthorized applications. These features are part of the latest Windows updates and offer an extra layer of security to prevent unauthorized access and potential threats​​. Staying current with updates isn't just about getting the latest features—it's a crucial step in defending your business against cyber threats.

4) Insufficient and Untested Data Backup

• Problem: Not having a solid backup plan is like playing with fire. If your data isn't properly backed up, you're just one cyberattack away from losing everything. The Microsoft Digital Defense Report 2023 (MDDR) highlights the rise of double extortion tactics, where attackers not only encrypt your data but also threaten to leak it unless you pay up​. It's not just cyberattacks you need to worry about, hardware failures, accidental deletions, and natural disasters can also wipe out your critical information. The Windows Resiliency Best Practices article emphasizes that without a robust backup and recovery strategy, you're leaving yourself wide open to these risks​.

• Solution: To avoid disaster, you need a comprehensive backup strategy that covers all your bases. Start by scheduling regular backups of all critical data, and don't just rely on one type of storage. Use a mix of on-site and off-site solutions, like cloud storage, to protect against physical and cyber threats. Make sure all your backups are encrypted, both when they're stored and when they're being transferred. It's crucial to regularly test your backups and recovery processes so you're not caught off guard in an emergency. Make sure your backup strategy is integrated into your overall business continuity and disaster recovery plan, so everyone knows what to do when things go south. By taking these steps, you'll be better equipped to bounce back quickly from any data loss incident and keep your business running smoothly.

5) Overlooking Mobile Device Security

• Problem: In today's work environment, mobile devices are everywhere, making work more convenient but also introducing significant security risks. Many businesses drop the ball on securing these devices, leaving them wide open to malware, data breaches, and unauthorized access. According to the Microsoft Digital Defense Report 2023 (MDDR), unmanaged devices are a major target for ransomware and other attacks​​. With employees often using personal devices for work tasks, the risk of data leakage skyrockets, especially if these devices aren't secured properly. SANS Security Awareness Report 2024 also highlights the importance of having comprehensive security policies that cover all devices accessing corporate data, not just the typical desktops and laptops​.

• Solution: To lock down mobile devices, a multi-layered security approach is essential. Start by deploying an MDM solution like Microsoft Intune or VMware Workspace One, which allows for enforcing security policies, managing app permissions, and controlling access to sensitive company data. Make sure all devices are encrypted to protect data at rest and in transit; this is crucial if a device gets lost or stolen. Keep mobile operating systems and apps up to date, as outdated software can become a backdoor for cyberattacks, see point 3. And don't forget to implement strong authentication methods like MFA to prevent unauthorized access.

6) Inadequate Network Security

• Problem: Network security often gets overlooked, especially in smaller businesses that might lack the resources or expertise to manage a complex setup. This oversight can leave your business wide open to attacks like malware, unauthorized access, and data breaches. The Microsoft Digital Defense Report 2023 (MDDR) points out that poor network configurations and weak security measures are common ways attackers get in​. Many companies don't segment their networks properly or set up advanced firewalls, which creates security gaps. The SANS Security Awareness Report 2024 also emphasizes the importance of continuous monitoring and a quick response to detect and deal with threats in real-time​.

• Solution: To boost your network security, start by adopting a Zero Trust model. This approach assumes that threats could be lurking both inside and outside your network, so it requires constant verification of user identities and device security. Next, make sure to implement network segmentation. By dividing your network into different segments, you can contain breaches and limit their impact. Advanced firewalls with/and Intrusion Detection Systems or Intrusion Prevention Systems are also key; they help monitor and block malicious traffic. Finally, regularly audit your network configurations and keep them updated to close any security holes.

7) Not Monitoring Security Alerts

• Problem: A major pitfall for many businesses is neglecting to properly monitor and respond to security alerts. It's not uncommon for alerts to get ignored, delayed, or lost in the noise, especially if the organization lacks a dedicated security team or relies on basic, limited tools. The Microsoft Digital Defense Report 2023 (MDDR) emphasizes that quick detection and response are crucial for minimizing damage from security incidents​. Yet, many SMBs either don't have the resources or the expertise to handle this effectively, consider finding a third party to assist with resourcing requirements. There are many excellent partners that provide SOC services. The SANS Security Awareness Report 2024 points out that many breaches could have been prevented or at least mitigated if alerts had been handled appropriately and promptly. Ignoring these alerts can lead to extended dwell times, giving attackers more opportunity to cause significant damage.

• Solution: To stay on top of security alerts, businesses need to set up a comprehensive Security Information and Event Management (SIEM) system like Microsoft Sentinel or Splunk. This tool can aggregate and analyze data from multiple sources, giving you a full picture of what's happening in your environment. It's essential to have a dedicated team or at least a designated person responsible for monitoring and responding to these alerts, ensuring that potential threats don't slip through the cracks. Regularly fine-tuning your alert settings is also important to minimize false positives, so your team can focus on real issues. Lastly, integrating automated response mechanisms can help speed up threat containment and mitigation, reducing the time attackers have to cause harm. By implementing these strategies, you can significantly improve your incident response capabilities and better protect your business from potential breaches. Hire a SOC provider to assist where resources are limited.

8) Using Unsupported or Outdated Software

• Problem: Relying on unsupported or outdated software is like leaving your backdoor unlocked for cybercriminals. Many businesses stick with old systems because they think they "get the job done," but this can be a risky move. Outdated software often lacks essential security updates, making it an easy target for attackers. Without support, software doesn't receive patches for new vulnerabilities, leaving your systems wide open for exploitation. Keeping your software up to date is one of the simplest and most effective ways to boost your security posture. Ignoring this not only increases the risk of data breaches but also puts you at odds with compliance requirements, especially as governments ramp up regulations. It's better to get ahead of the curve now and avoid the potential fallout later.

• Solution: To mitigate these risks, businesses must prioritize regular updates and timely upgrades. Start by ensuring that all systems and applications are running on supported versions that receive regular security updates. Implement a software asset management system to keep track of all software licenses and their support status. This system can help in identifying which software needs to be updated or replaced. Also, consider transitioning to cloud-based solutions where possible, as they often provide continuous updates and security enhancements. Finally, train employees on the importance of using updated software and the risks associated with unsupported systems. By adopting these practices, businesses can significantly reduce the risk of cyber-attacks, ensuring their systems are secure and compliant with industry standards.

9) Inadequate Physical Security

• Problem: In the digital age, it's easy to focus solely on cyber threats and forget about physical security, but the two are closely intertwined. Inadequate physical security measures can lead to unauthorized access to critical infrastructure, resulting in data breaches and other security incidents. The Microsoft Digital Defense Report 2023 (MDDR) highlights that physical breaches often go hand-in-hand with cyber-attacks, as physical access can enable malicious actors to tamper with hardware, install malware, or steal sensitive information. The SANS Security Awareness Report 2024 notes that businesses often overlook physical security, especially in smaller offices or remote locations, making them easy targets for insider threats or external attackers​. Without proper physical security measures, companies are at risk of significant data loss and operational disruption.

• Solution: To address these risks, businesses should implement a comprehensive physical security strategy. Start by securing all entry points with measures like keycard access, biometric scanners, or even traditional locks and alarms. It's essential to monitor these access points with surveillance cameras and motion detectors, providing a real-time view of who is entering and exiting the premises. Additionally, ensure that sensitive areas, such as server rooms, are restricted to authorized personnel only, with strict access controls in place. Regular security audits and drills should be conducted to identify and address potential vulnerabilities, keeping everyone prepared for emergency situations. By integrating these physical security measures with your overall cybersecurity strategy, you can create a more secure and resilient environment that protects both digital and physical assets.

10) Neglecting Incident Response Planning

• Problem: Many businesses overlook the importance of having a well-defined incident response plan, thinking they'll deal with issues as they arise. This lack of preparation can lead to chaos and confusion during a cyber incident, resulting in delayed responses and greater damage. Without a solid incident response strategy, organizations struggle to contain and mitigate the effects of a security breach​. Quick and coordinated action is crucial to minimizing the impact of incidents. Having a pre-defined plan helps ensure that all team members know their roles and responsibilities during a crisis​. The SANS Security Awareness Report 2024 points out that businesses that conduct regular incident response drills are significantly better prepared to handle real-world attacks​. The absence of a well-practiced plan can result in increased recovery time, higher costs, and a greater likelihood of data loss or regulatory penalties.

• Solution: To effectively manage security incidents, businesses must develop and maintain a comprehensive incident response plan. Start by clearly defining the roles and responsibilities of all team members, ensuring that everyone knows their part in the event of an incident. Regularly conduct incident response drills to practice these roles and improve the team's ability to respond swiftly and efficiently. It’s also crucial to establish communication protocols, both internally and externally, to keep all stakeholders informed during an incident. Additionally, document and review all incidents to learn from each event and refine your response plan. By implementing these measures, businesses can ensure a coordinated and efficient response to security incidents, minimizing damage and facilitating a quicker recovery.

References

• Windows resiliency: Best practices and the path forward - Microsoft Community Hub

• Securely design your applications and protect your sensitive data with VBS enclaves - Microsoft Community Hub

• New Windows 11 features strengthen security to address evolving cyberthreat landscape | Microsoft Security Blog

• Windows Security best practices for integrating and managing security tools | Microsoft Security Blog

• Microsoft Digital Defense Report 2023 (MDDR)

• 2024 Security Awareness Report | SANS Institute

• The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win: Kim, Gene, Behr, Kevin, Spafford, George: 9780988262591: Books - Amazon.ca *** While not directly referenced, many of the concepts discussed align with those covered in the book, which also happens to be a fantastic read.

• Bonus: You’re Doing It Wrong! Common Security Anti Patterns | RSA Conference *** Not referenced but a really great session that I highly recommend!