From increasingly sophisticated forms on ransomware to the rise of hacktivism, hackers are constantly and quickly improving their cyber attacks. Organisations are being forced to implement new defenses to prevent such threats.
Yet despite the growing threat, many SME’s still believe that they wont be affected.
The next five years are due to see a 15% increase in cybercrime costs reaching 10.5 trillion by 2025.
With that in mind, here’s a list of the most common cybersecurity mistakes we see businesses make; and most importantly, how to avoid them!
Hire The Relevant Staff
One of the most crucial errors we come across is companies putting somebody with no technical expertise in charge of keeping their systems safe.
What this means for your business is that they lack a thorough understanding of the risks, and how technology and processes offer protection. Cyber threats are constantly evolving so its essential to have a dedicated expert who can manage the changing needs of the business. If you’re not ready to hire a CTO, and none of your existing team has technical expertise, consider taking on an external consultant to bridge the gap.
Bad Password Practice
I’ve lost count of the number of data breaches caused by poor password practice, whether that’s not updating them regularly, using the same passwords for various accounts, or choosing basic words and references.
Avoid passwords such as ‘Password1’ or ‘123456’
- You are using private certificate-based authentication
- Ensure passwords are changed at least every 60 days (include a combination of letters, numbers and symbols)
- Enable two step-verification whenever possible to provide an extra layer of defence
Failing to engage employees
According to a recent study by IBM – human error is responsible for 60% of data breaches.
- Emailing an attachment that contains hypersensitive data to the wrong person
- Accidentally downloading ransomware from a suspicious link
- Employees innocently leaking data or company passwords
The best way of tackling this issue is putting in place a Cyber and Data Protection Policy.
This outlines what is expected of employees and how to keep company / business data safe.
Failure to update software
Another common error is falling to back up your systems correctly. If your files are deleted or corrupted by an attack, there’s no way of restoring them. We recommend backing up your systems off-site, every day, as well as checking the quality of the backups periodically.
Configuring automatic updates from trusted providers can make sure these are installed regularly.
No response plan
Too many small businesses are slow off the mark and disjointed when it comes to recognising and responding to an attack.
As soon as an attack or breach happens, you need to know:
- Who is making decisions and setting a response plan in motion
- Whom you need to contact for legal, IT forensic and public relations advice
- How you’ll approach communicating with customers
Having cyber insurance in place can also be invaluable to cover any legal costs and compensation you have to pay, as well as your own out-of-pocket expenses as a result of an attack.