The “Red Herrings” of Cybersecurity
November 14, 2019 by Jon O'Keefe

When most people hear about data breaches and cybersecurity incidents, it’s usually an enormous breach (think Equifax or Marriott) on the news. It’s also assumed that the criminals behind said attacks have used high-tech, zero-day exploits that have never been heard of to breach said company and steal the data. These incidents make for great attention-grabbing news stories, but they are not the kind of incidents that every company necessarily needs to be on the lookout for.

 

Although these cyberattacks are not meant to be “red herrings” (aka distractions from other information) in the world of cybersecurity, they have formed the mental picture of what a cyber incident looks like for many people. The truth is that most incidents are much quieter and through the path of least resistance. Cybercriminals love to find the easiest route into an organization, which is typically something like overlooked outdated software or human error. Even if you have every monitoring system and firewall in place at your company, you may not actually be fully protected due to simple errors.

 

We’ve put together just a few examples of ways that you can tighten up your company’s security to help keep your organization protected from cybercriminals:

 

  • Secure Collaboration Platforms – With many businesses working remotely these days, it’s common to use programs like Slack, Skype, and other third-party vendors for messaging services, forums, and platforms to discuss business. If the wrong person were to be able to hack into these programs, and access internal communication, it could be devastating for your company. Make sure that your organization has implemented detailed instructions for the management of internal communications through approved and secured platforms only to avoid issues.
  • Manage Cloud and Program Permissions – It is always convenient for coworkers to be able to share things across cloud platforms to avoid having to ask for things, but it can also open your company up to a world of problems when incorrectly managed. If every employee has access to add, change, or delete files, you are creating an enormous gap in your overall cybersecurity. Instead, give your employees the access they need to get their jobs done, but don’t give them the run of all of your files.
  • Prevent Human Error – While it is certainly easier said than done, try and prevent human error within your organization as much as possible. Skill-based errors can happen with repeated tasks over time, so be sure that the end-user knows exactly what to do should that occur. Decision-based errors occur when employees make the wrong choice or do not have the necessary training to choose correctly. Your employees are human and mistakes are inevitably going to happen, so take the time to ensure that ideally know how to avoid issues and that they know how to handle said mistakes.

 

The next time that you see a major data breach or hacking incident in the news, take note and heed the word of caution, but make sure to focus on the threats directly affecting your company. At Logical Operations, we offer a variety of training and certifications to help you keep your employees informed and your business protected. Click here to learn more.