Cybersecurity threats are growing in number and scale. Cybercrime is rising due to the COVID-19 pandemic — there’s been a 600% increase in malicious attacks since the beginning of the crisis.
It’s quite easy for companies and business executives to overlook certain aspects of cybersecurity. However, enterprises should prioritize maintaining a strong, comprehensive program to mitigate the risk of experiencing cybercrime.
Some of the most concerning threats are almost hidden in plain sight. Failure to identify potential risks can leave a company vulnerable.
Here are five common cybersecurity risks that organizations across various industries typically overlook.
1. The Internet of Things (IoT)
Advanced sensors, smart accessories, or other connected devices commonly come to mind when the average person thinks about Internet of Things (IoT) devices. However, some IoT items fly under the radar and pose risks to an organization.
For example, major retailer Target faced a cybersecurity breach that infiltrated its HVAC system in 2013. Target said the breach exposed approximately 40 million debit and credit cards. Organizations must identify any system or network that can be hacked, even seemingly innocuous.
Even something as minor as an office printer can be a major target for hackers. One study found that only 38% of IT decision-makers and influencers in U.S. companies feel document security is a priority for their organization. Be sure to identify any devices that could be subject to a cyberattack and protect them accordingly.
2. Malvertising
Malvertising is a practice malicious hackers use to sprinkle code into legitimate-looking online advertisements. Some of the world’s most popular sites, including the New York Times and Spotify, have inadvertently placed malicious ads, making their users more susceptible to experiencing a cybersecurity incident.
Malvertising is growing rapidly — it’s reported that in 2017, Google had to block 79 million ads intended to send people to malicious sites. Additionally, the tech giant had to remove 48 million ads that tried to get users to install unwanted software.
3. Unsecured Personal Devices
With the increased number of remote workers, it’s no surprise that many companies have adopted a bring-your-own-device (BYOD) culture. Employees benefit from using something they’re familiar with, and employers find it helps boost productivity and removes the learning curve associated with new software and applications.
However, BYOD culture has brought many of these companies unwelcome cybersecurity risks. Enterprises must consider adopting a robust BYOD policy to ensure all employees use best practices during work hours.
4. Poor Password Hygiene
Surprisingly, many small and medium-sized businesses still use weak passwords to secure their online accounts. Companies must use unique, strong passwords for their accounts and applications.
Good password hygiene is essential for all types of businesses. Encouraging employees to use special characters in passwords can be helpful. Additionally, a growing number of companies are opting for password management software for better security. Be sure to choose a password manager with cross-platform functionality.
5. Inadequate Cybersecurity Training for Employees
Trying to sell employees on attending a cybersecurity training session is challenging. Some will put it on the back burner, leaving organizations susceptible to attacks.
Employees must be trained on basic cybersecurity essentials. Everyone should be on the same page about risks and identifying suspicious activities on computers and other devices, like smartphones.
Make Identifying Cybersecurity Risks a Priority
All departments in a workplace can be targets for hackers in today’s connected world. Every employee is responsible for using best practices, no matter how large or small an organization is. Consider some of the risks above when creating a cybersecurity program.