Skip to main content

15 Cybersecurity Mistakes Mid-Size Organizations Often Make

I participated in Threatpost’s 15 Cybersecurity Gaffes and Fixes Mid-size Businesses Face Webinar with Timu Kovalev and Erich Kron earlier this year to share my knowledge of today’s cybersecurity issues.

Here are 15 cybersecurity issues many midsize businesses face:

  1. Think they’re too small to be a target: Many smaller organizations are perceived as easier targets, and attacks can go undetected and unsupported. Ensure there are appropriate cybersecurity defenses to protect your business.
  2. Haven’t made a thorough asset inventory assessment: You should be confident that you know what is on your network. Asset inventories should be kept up to date and automated.
  3. No network segmentation: Segmenting your network is foundational to cybersecurity plans, and prevents breaches from spreading throughout the network.
  4. Ignore fundamentals: Businesses should have the cybersecurity basics - asset inventory, business continuity plan, backups, security training, least privilege access policy, and segmentation strategy.
  5. Haven’t done a business risk evaluation: Risk evaluations are important to analyze security risks and allocate adequate resources to mitigate those risks.
  6. Insecure digital assets: All aspects of your organization are at risk of attack - digital assets need to be secured too.
  7. Don’t know what “normal” activity looks like: Some form of device monitoring program should be in place to flag what device communications are normal and which should be investigated.
  8. No two-factor authentication: Two-factor authentication is not only a useful cybersecurity tool, but is also an educational tool, driving employee awareness of cybersecurity issues by making them stop and think about security.
  9. Misconfigured cloud servers, confusion about move to cloud: Securing your data is your job, cloud service providers do not secure your data. Organizations should deploy security in the cloud and control access to the resources moved to cloud.
  10. Not enough user security training: Security training and helping employees understand the importance of security is key to a good security plan. Reminding employees that breaches can cause substantial business disruption as well as damage the company reputation can help them take training seriously.
  11. Haven’t evaluated their own threat to the supply chain: Many smaller organizations are often part of the supply chain for larger organizations, and will start being regulated more. These regulations can impact business function and revenue, so evaluating potential threats to the supply chain early on is important to addressing security risks.
  12. No business continuity plan: Many businesses fail to make a continuity plan or fail to think about a multitude of scenarios. A smart business continuity plan emcompasses cybersecurity.
  13. Strategic, realistic asset allocation and budgeting: Cybersecurity takes time, money, and effort, requiring asset allocation to be realistic and strategic.
  14. Failing to backup: Organizations should have a secure, set place to consistently backup information and protect their data.
  15. Lax patching: Patching is key to addressing vulnerabilities, and should be taken seriously.

Although this list is not all encompassing, addressing those 15 common mistakes can greatly improve your security. Ordr works with many channel partners and managed service providers that can help provide managed security services for you, including deployment and management of the Ordr platform.

Ready to achieve total visibility into what's on your network? Request a free Ordr sensor today and you’ll be able to see what connected devices are on your network in minutes!

About the Author

Greg joined Ordr as CEO in December 2018. Previously, he was VP Business Operations for the HPE Aruba Group, the 4,000 person networking and IoT business unit of Hewlett Packard Enterprise. In that role, Greg was responsible for leading the business integration of Aruba and HP Networking following HP’s $3 billion acquisition of Aruba Networks in 2015. Greg held multiple prior senior executive positions within Aruba, including SVP Business Operations, GM of network management software, GM of outdoor and mesh products and VP of Marketing. Greg joined Aruba in 2008 through its acquisition of AirWave Wireless, a network management software provider that Greg founded and led. Greg received his M.A. from Stanford University and his B.A. from Amherst College.

Profile Photo of Greg Murphy