Businesses Still Ignoring Basic Cybersecurity Safeguards, New Report Shows

By the DynaSis Team

For many small and midsized business owners, cybersecurity is a maze with no apparent exit. Bad news arrives daily, and “recommended” or “best practices” solutions can differ from one IT solutions provider to the next. As a managed IT services firm that helps companies navigate this maze on a daily basis, we understand how confusing cybersecurity can be. Even so, that doesn’t mean business owners can afford to ignore the threat landscape and hope it will go away. It won’t.

Last week, we read the annual Data Breach Digest from Verizon, an incident report that identifies cyberattack trends. To pinpoint the trend lines, a team of investigators explored more than 500 cybersecurity incidents from 2015 and then analyzed them with data from the two previous years.

Some of the results were unsettling, to say the least.

• Human error is still responsible for a large percentage of data breaches (30% over the past three years). Among breaches caused by human error, phishing (spoofed emails or websites that look real, to which users respond and become infected) accounted for 72% of those breaches.
• Initial compromise is happening the same ways it has for a decade, including email, social media, and infected thumb (USB) drives.
• Perhaps most disturbing, the report found that 80% of all data breaches--even those not officially assigned to human error--involve exploitation of stolen, weak, default or easily guessable passwords.

Since the dawn of corporate computing, experts have been urging companies to require secure passwords—and to teach employees how to keep them safe. The fact that 80% of breaches involve compromised passwords surprised even us.

Human gullibility will never be eliminated, which is why cybercriminals rely upon it. However, organizations can teach employees how to recognize danger—and avoid giving into their gullible natures.

In addition, requiring strong passwords throughout the organization is one of the single easiest steps a business owner can take to secure his firm and its assets. Even if you don’t think you can afford an advanced threat detection and mitigation solution or don’t have the time to conduct a “safe IT practices” training session for personnel, it is business suicide not to enact and enforce a password policy.

If you do not have a password policy, we urge you to create one, now. Issue a memo about passwords with a deadline, and identify a trusted management or IT staffer to follow up and ensure compliance. To get workers excited, sponsor a contest, and offer a gift certificate or other perk to the person with the best password and the one that reaches compliance first.

To help you get started, here are a few pointers:

• Passwords must contain at least eight characters; 14 is even better.
• Passwords must not contain the user name or parts of the user’s full name, such as a first name.
• Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers and symbols.
• Passwords must be changed at least every 90 days, and personnel should receive a task reminder via email, calendar, etc. that won’t go away until they confirm completion.
• Passwords for company resources must not be shared with anyone—even other employees—not should they be transmitted to other devices via email or other method “for safekeeping” or any other reason.
• The firm should have a written, enforced policy that states failure to adhere to password guidelines may result in termination.

Many data storage solutions incorporate strict password policies, and a number of affordable security solutions police them. After you get everyone on board with password management, consider working with an IT consulting or IT support firm to adopt a technology-based enforcement mechanism. It will pay for itself, quickly.

DynaSis has been Atlanta’s premier IT support services provider for more than 23 years. As an IT company working with small to midsized businesses (10 to 150+ users), DynaSis has developed a unique 12-layer approach to network threat protection, ransomware prevention and crypto virus threat elimination. The DynaSis Business Cloud functions through a highly secure environment with full real-time data backup. Please contact us at 678.218.1769 or visit our website at www.DynaSis.com.