A new survey finds that 58 percent of large businesses have experienced cybercrime in the last 12 months, costing around £5,000 ($6,500) per incident. Such trends suggest that cybercrime should be at the forefront of businesses’ priorities to avoid loss of time and income.
The best way to tackle cybercrime is to identify the root causes. So, with 95 percent of cybersecurity breaches resulting from human error, application security SaaS company Indusface have compiled guidance for conducting a so-called ‘cyber-hygiene deep clean’ to prevent cybersecurity breaches in the age of remote working and AI usage.
Common consequences of bad cyber-hygiene are:
- Loss of data
- Misplaced data
- Security breaches
- Out-of-date software
- Older security software
The guidance is designed to help an organisation to build a cyber-hygiene checklist. This might consist of:
- Document existing processes: Examine all existing hardware (computers, mobile devices and any connected devices such as printers, fax machines etc.), software (all programs used on your network, or installed directly onto company property like laptops and computers), and applications (web apps such as Dropbox and Google Drive).
- Scrutinise for vulnerabilities: Wipe all unused equipment, update all software and apps, update user passwords, and uninstall programs that are not regularly used.
- Create a central cyber-hygiene standard operating procedure or policy: Regular changes to complex passwords can prevent suspicious activity, and regular software and hardware updates maintain performance and prevent unexpected issues. Document all new installs, prohibit employees from downloading suspicious software, and regularly back up all data to a secondary source such as a hard drive or cloud storage.
It is also important to focus on anything facing the Internet, starting with an understanding of all your public-facing assets and having a regular vulnerability assessment and mitigation plan for those assets.
Customer data is the most important asset that any organisation holds. When this data includes PII, any data exfiltration can lead to a whole lot of compliance problems and fines.
Applications including websites, mobile apps and APIs are most often attacked by hackers to exfiltrate data.
Attackers could also impersonate employees, using them as a backdoor to run these attacks.