Have you ever heard the old phrase, do as I say, not as I do?
Modern companies could do well to listen to that advice when they talk about cybersecurity.
Despite threats all around them and daily stories of cyberattacks that expose data, reveal company secrets, put customer information at risk, and can cost millions to repair, many companies are nowhere near capable of handling legitimate security threats. This despite the knowledge that small companies risk not just financial woes, but out and out bankruptcy if they are hit with a cyber attack.
What the statistics say
A 2019 survey put out by Microsoft and Marsh dubbed the 2019 Global Cyber Risk Perception Survey showed that 79% of respondents believe cybersecurity is a top 5 priority for their businesses. Despite that claim, they also report that they do not know how best to address the issue, which would probably have their stockholders jumping off a bridge if the poll wasn’t anonymous.
A further question, asking 1,500 business leaders what their opinion of how their firm would bounce back from a cyberattack, revealed that 25% had no confidence that their firm could do so at all.
All these numbers were declines from a similar survey in 2017, which suggests that the prevalence of cyberattacks on all fronts is not being accounted for and that companies are not doing a good job adopting new technology. The study showed that 54% of companies were only evaluating risk to new technology after it had been adopted, meaning its security and company safety were not being made a priority.
How companies can be better at cybersecurity
The best answer is also the easiest one. Better anti-malware security like Bitdefender adopted at every single workstation a company has as well as any remote workstations that can access the main servers and networks are the number-one priority of every company. If this basic step is not met at all times, there is really almost no point in following any other protocol. The antimalware security is not an impenetrable force field around a company, but it does make a pretty good suit of armor to repel most attacks before they find purchase.
A culture of security and ownership is next on the list. It cannot merely be the job of the IT personnel to take part in a company’s cybersecurity, it must be followed by all employees and anyone who is a key influencer in the company hierarchy. If one person leaves their credentials written on a piece of paper at a conference in another city, it becomes a problem for everyone. If a subordinate shares a database password with a former boss, it’s a compromise that cannot be afforded. If passwords are not changed every 90 days, the risk of infection grows by leaps and bounds.
Third, every employee must take it seriously when security patches and updates come down the pipeline. Hackers and cybercriminals thrive on the lackadaisical attitude of employees to not update their systems and frequently use this time to cause chaos.