Security threats are becoming more and more complex. With hackers using more sophisticated methods to infiltrate your systems, even the slightest oversight could result in huge consequences for your organisation. Don’t fall into the trap. Guard your organisation from cyber-attacks and ensure you aren’t making common mistakes. Keep reading as we cover the top 4 mistakes we see most often in organisations. 

Not adhering to basic cyber hygiene practices

Did you know that basic security hygiene can help protect your organisation against 98% of attacks? This includes basic actions such as using stronger authentication methods and ensuring you are keeping on top of your security updates. Here are just some of the ways you can start taking action to improve your overall security posture.  

  • Have multi-factor authentication (MFA) turned on: We recommend that you always authenticate and authorise on all available data points. This can include everything from user identity and location to device health and data classification. 
  • Use least privilege access: Least privilege means restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Using least privilege access can help prevent the spread of malware, improve productivity and can help with data classification. 
  • Utilise anti-malware tools: Protect yourself from malware attacks by installing and enabling anti-malware solutions on all endpoints and devices.
  • Keep on top of your data: Do you know where your sensitive data is stored, and do you know how to access it? Implement data protection best practices such as applying sensitivity labels and data loss prevention (DLP) policies.

Assuming compliance means full security

New cyber threats are always emerging. Just because your security protocols meet the standards at a given time does not mean you are protected from future threats. On top of this, shifting privacy regulations and limited talent and budget can add to business complexities.

We come across many clients who assume that they are safe if they don’t see any active attacks. We would suggest that you adopt a different approach. Avoid a false sense of security and always be on your guard. If you find an unpatched server, don’t assume no one else has found it or exploited it. Instead, scan the network and check systems as if you knew the server had already been compromised through the weakness you found.

Having little to no information about your environment

How are you supposed to identify and manage security risks if you don’t know your environment? Beyond not knowing what systems exist and who has access to what, some organisations don’t even have a basic inventory of the devices connected to the network.

This is where you could use something like the built-in threat and vulnerability management module in Microsoft Defender, which helps discover vulnerabilities and misconfigurations in near real time. Teams can also prioritise vulnerabilities based on the threat landscape and detections within the organisation. These insights help security teams identify potential concerns and can help accelerate time to action.

No disaster plan in place

No matter how many security precautions you take, attacks are still inevitable and hackers may target your organisation at any time. As well as preventing these attacks, you should have a plan in place to minimise any damage. Your teams should know who to contact and where they can find the resources they would need.

These resources could be housed on a company intranet, communicated to everyone during onboarding and reiterated to staff regularly. It’s also useful to know that Azure provides Site Recovery, Backup and other services that help ensure business continuity by keeping business apps and workloads running during outages, while also keeping data safe and recoverable.

While we see these mistakes often, they can be fixed with the right combination of guidance and solutions. If you need help with your organisation’s security infrastructure, contact our team who can help.