By 2025, Cybersecurity Ventures predicts the world will need to store 200 zettabytes of data. Cybersecurity Ventures also expects the annual worldwide cost of cybercrime to reach $10.5 trillion by that same year. We would be naive to think the two stats aren’t related.
With rampant data growth providing the means and motive for cybercriminals, it’s up to individual organizations to remove the opportunity. Awareness is the first step in preventing cybercrime and data loss, so we’ve compiled a list of some of the top ways businesses leave themselves vulnerable to both accidental and malicious data security events.
1. Reliance on Microsoft Office 365
Microsoft Office 365 is a hugely popular business productivity solution, with more than a million organizations using the subscription-based platform worldwide. Office 365 tools such as SharePoint Online, Exchange Online, and OneDrive for Business are, without a doubt, invaluable for helping today’s teams perform at their peak level. But for all the benefits, it’s also important to understand Office 365’s data protection limitations.
Office 365 is subject to Microsoft’s Shared Responsibility Model, which boils down to the following: Microsoft is responsible for maintaining platform uptime; you are responsible for preventing data loss. Although there are some limited native Office 365 backup tools, relying on them as your sole source of backup puts your organization’s data at risk from human error, intentional deletion, internal and external security threats, and technology failures.
If your business uses Office 365, it is crucial to invest in a third-party data protection and backup solution that provides proper long-term retention as well as point-in-time recovery and meets the specs for compliance and regulatory rules.
2. Poor Patch Management
Ransomware is always evolving, so if your patches aren’t up to date, you are essentially rolling out the welcome mat for cybercriminals.
Patching can be time-consuming, and many IT teams are already spread too thin to stay on top of updates. Now add to the mix the rapidly increasing rate of digital transformation and the recent surge in remote employees and mobile devices being used to access the company network. It’s no wonder that the 2020 Cyber Hygiene Report shows that 58 percent of data breaches in the past two years were a result of missed operating system or application patches.
Security patches are too important to be done ad hoc or in response to a high-profile vulnerability that makes the news. To prevent cyberattacks and protect against data loss, implement a patch management strategy that covers all systems and applications and automates as many processes as possible. Better yet, outsource to a third-party cloud services provider that takes care of patch management for you.
3. Employee Negligence
Employee negligence is a blanket term that can mean anything from successful phishing attacks and unsafe internet surfing to weak passwords and unsecured mobile devices. However, at the heart of every case of employee negligence, you always find the same thing—a human.
The Ponemon Institute’s 2020 Cost of Insider Threats: Global Report found that more than 60 percent of security incidents can be attributed to negligent employees. Educating employees on cyberthreat awareness and safe internet usage should be an ongoing focus for IT security teams, but that takes care of only part of the problem.
Implementing strict password and account management policies, as well as documenting and enforcing adherence to IT and data policies that cover remote access, encryption, and application downloads, will add another crucial layer of security to prevent data loss from internal threats.
4. Remote Workers
When COVID-19 hit, millions of workers were sent home practically overnight. IT departments around the globe struggled to throw together an infrastructure that would balance employee productivity with data and system security. The early days were rough as companies tried to secure a rapidly widening attack surface with no time to put together a strategy to mitigate the new and unknown risks.
Without adequate time to plan or procure resources, remote employees were accessing sensitive company data from unsecured Wi-Fi connections, family members were sharing devices used for both business and personal computing, and cybercriminals were taking full advantage of the madness. Preying on stressed and distracted remote employees, ransomware attacks increased, and the already popular RDP/VPN targeted attacks saw a surge.
Almost a year in, companies have either started to bring employees back in-house or adapted to the new remote-workplace normal. The lessons learned in 2020 have reinforced the need to create a security perimeter outside of the traditional firewall, which has prompted many organizations to invest in cloud-driven data protection solutions.
5. Inadequate Backup and Data Protection Strategy
One of the biggest mistakes organizations make with regard to cybersecurity and data loss prevention is a failure to plan for a disaster. Too many companies have no formal crisis response plan, their backups are inconsistent and incomplete, and they rely on out-of-date cybersecurity and data loss prevention tools that are ineffective against today’s ever-evolving threats.
Proactively planning for a crisis means your organization is ready and able to bounce back after an unplanned disruption with minimal downtime and near-zero data loss, and your business operations are up and running quickly.
Cybersecurity and data loss prevention cannot be left to chance. Knowing the major threats to the business and having a well-tested plan in place to protect mission-critical data and applications are both high priorities for enterprise IT security teams.
If your organization relies on Microsoft Office 365, data protection is even more crucial.