Posted on July 28, 2020
Estimated reading time 6 minutes
Believe it or not, 46% of UK businesses were hit by a cyberattack in the past year. 68% of medium sized businesses saw the same. Network security is paramount if you want to keep your business from joining these statistics.
6 common network security mistakes
Fortunately, these events are rarely the result of a sophisticated hack. Cyber attackers love to go after the easiest target, so if you know and avoid making mistakes, you can protect yourself quite effectively.
1. Failing to update regularly
Windows pesters us to update seemingly every week. Chances are, you and your employees often keep ignoring these updates and push them back when they try to interrupt your busy day. This is a major network security mistake.
Windows regularly pushes updates that enable its antivirus and anti-malware software to protect you from new threats. If you aren’t updating regularly, attackers can take advantage. But how do you handle this when you need your employees to be productive? And how do you ensure essential security updates are applied across the whole business, not just in parts?
Solution#1
Keep computers turned on after hours and schedule updates to occur in those off hours. Now updates won’t hassle your employees, but you’ll stay protected. Consider whether it is right for your business to automatically update, but most importantly ensure that you have a process in place for updates and that you mandate it.
2. Password problems
A chain is only as strong as its weakest link, and oftentimes it’s the human behind the machine that makes the biggest mistakes. Passwords are one of the most common entry points for hackers. These errors can fall into two categories.
Weak passwords
Studies suggest that about 86% of people use compromised passwords. These are ones that either are extremely obvious to guess based on your personal information (your last name, for example) or are easy to guess randomly. Believe it or not, people still use 123456 as a password.
What if someone at your office does this? Audit your employees’ user passwords, email passwords, or any other password that could lead to data being exposed. Consider dark web monitoring – we monitor your credentials and alert you in case of a breach.
Reusing passwords
Our memories are limited, and this flaw makes people very likely to use the same password twice. If your employees routinely need to log in to more than one service, odds are they recycle passwords. Poor network security, same password and failure is obvious: crack one and you’ve cracked them all.
Solution #2
You can create different password requirements for each service your business uses. Another option is to use password manager software. All you’ll need is one password and the software automatically generates strong, unique passwords for every service.
Consider staying on the front foot of compromised credentials by reminders for regularly updating passwords, and ensuring they are strong.
3. Public wi-fi configuration
Offering free wi-fi to visitors is a nice gesture that most businesses practice. However, if you’re not careful, it can get you into trouble. Publlic Wi-Fi is one of common cyber security mistakes.
If your employees are operating on the same network as the public, then their data can be intercepted by strangers. Furthermore, if your data server is not properly hidden, people on public Wi-Fi could potentially access your sensitive information.
Solution #3
Always use a separate network when you provide wi-fi to clients. While that network doesn’t necessarily have to have a password, it should not be used for any business activity. If your client needs to get online to do business with you, invite them to use a wired PC or one that’s on your secure network.
4. User privilege oversights
User privileges determine what people can do when they log in to a company computer. If all of your employees have admin privileges, then you open the door to danger. Either by accident or by malice, someone could install malware or allow a virus into the network.
What’s more, if someone’s account gets compromised, then the damage that can be done is determined by their user privileges. A low-level account may allow someone to see data but not delete it or transfer it, keeping you safer than if they had admin privileges.
What’s more, if someone’s account gets compromised, then the damage that can be done is determined by their user privileges. A low-level account may allow someone to see data but not delete it or transfer it, keeping you safer than if they had admin privileges.
Efficient access control measures are even more important in remote working, so that there is a balance between the benefits of a mobile workforce and the security and governance requirements of the business. With the right technologies and processes in place, there is no need to compromise one for the other.
Solution #4
Windows has easy user-management tools built in that allow you to create groups with specific user profiles. This will make it easy to set up accounts for each department in your business and ensure that nobody has too much power. Ensure that only people who really need admin access have it.
5. Email mistakes
Another common infiltration point is via email. Phishing, a common cyber security threat, is a technique used by digital delinquents to obtain your password or other credentials by posing as a legitimate company. When they trick you into giving up your information, it’s game over.
Likewise, dangerous attachments and links can spread viruses and compromise your network security. Email is still the most common attack vector. Of course, you can’t completely control what emails arrive at your inbox, so how do you prevent these attacks?
Solution #5
Train your people! The best way to prevent an attack is to do a simulated phishing attack on your employees to see who falls for it. Afterwards, don’t discipline: educate. Most employees don’t fall for these attacks because they want to destroy the company but simply because they were tricked. Let them in on the secret.
6. Thinking it can’t happen to you
The majority of businesses will experience some form of cyberattack. Do not make the mistake of thinking it cannot happen to you. Be proactive and protect your networks before problems arise.
Evaluate your network security today
If you want to make sure that web security threats won’t concern you, get in touch with us to schedule a consultation and assessment. We can remotely review your network and determine where and how you should implement changes to harden your security posture. We offer this alongside of a comprehensive range of managed IT security services.