6 Mistakes Your Business Makes To Protect Teams Against Cyber-Threats
Anirban Banerjee
Companies are constantly adding and removing user privileges as employees come and go. In the digital world, however, there are risks associated with the revolving door of user accounts and passwords, especially when a company forgets to remove user access to company apps after releasing an employee. This issue has come to the forefront as hiring contractors has become more common. Microsoft has reported having 2/3 as many contractors as full-time employees, and sole proprietors reported a twofold increase in the use of contractors over the last decade. As a result, companies need to manage user accounts more frequently and more efficiently.
Companies typically end up spending 10-12 hours per new employee during the onboarding process just to allocate accounts, work out access issues, and figure out who is in charge of providing access. In a 100 person business, this translates to a minimum of 1000 hours of lost productivity. Further, in most organizations, 70% of employees typically have accounts on cloud services that IT has no clue about. The problem is multifaceted and growing as employees and companies embrace cloud services at a rapid pace.
Here is some advice on how businesses can protect their teams.
Be Aware Of Insider Threats
It’s important to be aware that not all cyberattacks come from the outside. Cyberattacks can come from the inside, and may be more damaging than an outside hack, because the insider will already have access to crucial systems.
- Insider attacks typically involve disgruntled former employees, or hackers posing as employees to gain sensitive data.
- Employees pose a risk because they have access to the infrastructure of your network. Disgruntled employees can disable content management system (CMS) functions, or launch DDoS attacks against the company network.
- The FBI and DHS have warned that fired and disgruntled employees pose a significant risk to a company’s cybersecurity.
Prevent the Common Mistakes
Small businesses may lack the budget that larger companies have to prepare for cyberattacks, but effective cybersecurity can still be put in place without a large resource pool. Here are some of the easily avoidable mistakes that small businesses make:
- Poor password management – A survey by a security firm concluded that 1 in 5 employees would sell their company passwords for $150, and employees are generally lax about their password security. Because employees may have dozens of passwords for individual applications, they may choose easy to remember and easy to crack passwords.
- Not monitoring employees’ behavior – It’s easy to trust your employees in a tight-knit group, but insider fraud is a real thing. It’s estimated that insider fraud is a $3.7 trillion issue worldwide. It may be difficult to detect, but companies should look for patterns in how employees access information. If an employee is accessing systems more frequently than usual, conducting broad searches within applications, or accessing systems without completing the normal transactions, they may be looking for ways to commit insider fraud.
- Not managing users and access strictly – Companies should work closely with security experts to decide the best implementation of network user rights. A simple way to manage user access is with cloud services and 2-step authentication.
- Not planning for an attack – 31% of small business owners fail to implement a comprehensive plan of action for cyber breach responsiveness, according to a Towergate infographic. As technology in the business world increases, so does the likelihood of cyberattacks on any size business.
- Assuming losses from attacks are covered – Businesses tend to make two false assumptions about fraud protection. The first is that the government will protect against losses from a business bank account being hacked. The second is that general liability insurance also covers data breaches. Neither is true.
- No security software – The biggest mistake a company can make is not investing in any security software at all. Firewalls, 2-step authentication, and encryption software are all easily implemented, and cost-friendly.
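The employee-monitoring item in the list above names three access patterns to look for. The following is an added example, not part of the original article or of any vendor product, showing how those three checks can be run over application access events. The event format, action names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample events: (user, day, action, detail). Not real log data.
EVENTS = [
    ("alice", 1, "view", "acct-17"), ("alice", 1, "commit", "acct-17"),
    ("alice", 2, "view", "acct-22"), ("alice", 2, "commit", "acct-22"),
    ("alice", 3, "view", "acct-31"), ("alice", 3, "commit", "acct-31"),
    ("bob", 1, "view", "acct-40"), ("bob", 1, "commit", "acct-40"),
    ("bob", 2, "view", "acct-41"), ("bob", 2, "commit", "acct-41"),
    ("bob", 3, "search", "*"), ("bob", 3, "search", "a*"),
    ("bob", 3, "view", "acct-01"), ("bob", 3, "view", "acct-02"),
    ("bob", 3, "view", "acct-03"), ("bob", 3, "view", "acct-04"),
    ("bob", 3, "view", "acct-05"), ("bob", 3, "commit", "acct-05"),
]

def flag_users(events, today, freq_factor=2.0, min_query_len=3, max_open_views=2):
    """Return {user: sorted list of reasons} for the three patterns, on `today`."""
    daily = defaultdict(Counter)          # user -> day -> number of events
    for user, day, _, _ in events:
        daily[user][day] += 1
    flags = defaultdict(set)
    for user, per_day in daily.items():
        history = [n for d, n in per_day.items() if d < today]
        # 1. Access frequency well above the user's own earlier baseline.
        if history and per_day[today] > freq_factor * mean(history):
            flags[user].add("frequency_spike")
        todays = [(a, x) for u, d, a, x in events if u == user and d == today]
        # 2. Broad searches: wildcard-only or very short query strings.
        if any(a == "search" and len(x.strip("*% ")) < min_query_len for a, x in todays):
            flags[user].add("broad_search")
        # 3. Records viewed without the normal transaction being completed.
        viewed = {x for a, x in todays if a == "view"}
        committed = {x for a, x in todays if a == "commit"}
        if len(viewed - committed) > max_open_views:
            flags[user].add("views_without_transaction")
    return {u: sorted(r) for u, r in flags.items()}

if __name__ == "__main__":
    for user, reasons in flag_users(EVENTS, today=3).items():
        print(user, reasons)
```

A flag here is a prompt for review, not proof of fraud; thresholds need tuning against each application's normal usage.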
Why are these issues present within companies today? First, a common reason that companies do not practice good cybersecurity hygiene is that the process can be complicated. Second, various stakeholders often control different pieces of information, which means there is no central source of truth. Third, companies don’t see a convenient way to automatically manage cybersecurity going forward. They need an automated, holistic, easy solution.
Take Preventative Action with Onion ID
Instead of allowing security breaches to get the best of your company, get the best of security with Onion ID. We offer the following features and benefits.
Protect your team from hanging cloud accounts – Similar to “low hanging fruit” that is easy for the picking, hanging cloud accounts can be accessed by people who should not be there. By adding extra security to cloud services, Onion ID ensures that your cloud services do not “hang” for hackers to harvest sensitive data.
Easy password management – Because there are so many apps and databases that companies might use for individual purposes, employees need to keep track of a large number of account passwords for each application. This can become extremely tedious to manage, and employees tend to become lax and choose easy-to-guess passwords that result in large security risks, as mentioned above. Onion ID offers an easy solution by remembering and storing the passwords for each account, removing the necessity for the end-user to try and keep track of their passwords.
Easy user management – As workers are added to company digital applications, the list of users will grow exponentially. It will become difficult to manage all of these users, especially when needing to remove or modify user privileges. Onion ID offers one-click solutions and can add or remove a user’s account from all of the integrated applications simultaneously.
Beat back hackers and bots – Because employee passwords are typically easy to guess (the most common password is ‘password’), companies are at large risk for hack attempts and brute-force bots. With the extra layers of security added by Onion ID, such as password encryption and multi-factor authentication, it could take millions of years for a scripted password attack to crack a single user password.
Easy sign up for employees – Instead of the employee needing to download and register for each individual application, the company can push the apps to the worker’s device, granting them instant access and privileges that are configured within Onion ID. This saves time for the company and the worker.
Multi factor authentication – By utilizing multi-factor authentication, such as a PIN code sent via SMS to the worker’s phone, an extra layer of security is added. Users will be prompted for the second authentication method when entering their password.
Prevent hackers from stealing employee and visitor information – A hacker or disgruntled employee can wreak havoc inside a system, even without having access to crucial administrative rights. A hacker could delete important reports, or harvest company emails for later use. Onion ID ensures that all employee accounts added to the system are thoroughly protected and cannot be compromised by even sophisticated hacking attempts.
There is no excuse for companies to ignore basic safety protocols in today’s cyber world, and putting your business at risk could be a fatal mistake if you are unable to recover from the damage caused by hackers. Being aware and taking the proper steps to implement strategic security measures will keep your sensitive company data safe.