Every day our news feeds remind us that cybercrime doesn’t take a vacation. According to a 2016 report, by 2021 cybercrime will cost the world $6 trillion.
As technology advances, the security threat landscape continues to evolve, and today’s businesses must be diligent about protecting their data and their resources. While cyber security can be incredibly sophisticated, there are some very basic things that organizations can do to minimize threats and defend their assets.
Cyber Security Mistakes Businesses Make
#1 - Thinking it won’t happen to them - Small businesses often fall into this trap by assuming that they are too small or insignificant to be targeted. No matter your size or the industry you operate in, your business has data that is valuable. Smaller businesses are often targets, and an attack can be fatal to a small, unprepared business. According to UPS Capital, 60% of small businesses go out of business within six months of an attack. By simply being aware and putting some basic best practices in place, a small business can decrease its chances of becoming one of these statistics.
#2 - Not doing the basics – Whether it’s because you’ve heard about them so much or because you assume your “IT guy” has it all covered with the more sophisticated programs, overlooking basic IT security details can open your organization up to significant threats.
The basics include practices like solid password policies, making sure ex-employees don’t continue to have access to your systems when they leave, encrypting devices, properly disposing of old computers, protecting generic accounts and securing wireless access points.
Be sure to check out our post on 15 Ways to Protect Your Business from a Cyber Attack for more information on basic practices to put in place.
#3 - Using untrained staff – Having a solid cyber security plan in place includes regular training – for ALL staff – not just those directly involved on your IT team. Research shows that “90% of all cyber claims stem from some type of human error or behavior.” Some security basics may seem like common sense to more experienced leaders, but assuming that everyone in your organization is well-versed in the latest cyber threats and how to avoid them is a mistake made too often.
Training employees on the use of security software, policies on handling sensitive customer information, software downloads, and knowing how to recognize a phishing scam are critical to avoiding threats to your company data. By implementing regular training and practices that help your team stay informed, you can increase awareness about the latest security threats. When your entire team has this kind of knowledge, it can go a long way in avoiding loss. Ongoing security training can also be a real confidence booster for your employees – remember, they are your most important resource!
#4 - Not updating software and hardware – Knowing the ins and outs of your network infrastructure and software is another important key to protecting the integrity of your resources. When the proper protections are not in place, the doors open to breaches that could otherwise have been mitigated. There is a reason that software products launch updates and patches – because they’ve found problem areas and implemented “fixes” to bugs and other vulnerabilities. While understanding your systems and software and having a sense of urgency about updates can seem like added responsibility, the importance of proper updates cannot be overstated. IT security threats advance at an incredibly fast pace and outdated products simply cannot continue to protect against the latest risks.
#5 - Attempting to handle it internally – Unless businesses have in-house security experts who live, eat, sleep and breathe the latest in IT protection, attempting to manage cyber security internally is a dangerous proposition. Simply investing in the latest anti-virus software is not enough to fully protect your company and its data. Cyber threats are incredibly complex and continue to become more sophisticated. Implementing basic practices can help to reduce risks, but round-the-clock monitoring of your systems by trusted security professionals who know how to mitigate problems as they arise is the key to thorough cyber security.
According to UPS Capital, cyber attacks cost small businesses between $84,000 and $148,000. A comprehensive security plan managed by qualified experts provides a proactive approach to cyber security and is a sound investment against paying the damaging price of an attack, which not only results in data and financial loss but can also be devastating to a company’s reputation and integrity.
Though different businesses have different needs and there may be no one-size-fits-all solution, avoiding some of these common cyber security mistakes can help ensure a solid approach to defending against cyber threats.