Quick question. How many hours do you spend on any given day thinking about how to protect your business data? Got your answer? Now, make a guess as to how many hours cyber attackers spend trying to get into your network and data? I think you and I will both agree that they have a great deal of advantage over you.
Cyber attacks, such as malware, viruses, and ransomware, have become a whole business for cyber criminals. They devote a huge amount of resources and hire the best coders and researchers to ensure that they can easily get to your data and ask you to pay or lose everything.
Cyber-criminals seem to always be a step ahead of security companies and law enforcement making us think if there is anything at all that we can do to adequately protect our business. Thankfully, there is a lot that you can do to make your business data safer and more secure.
Some of the most common security mistakes that cause breaches include:
Thinking your business in NOT a target
Big mistake. Just because your business is small it doesn’t mean that cyber-criminals are not interested in you. You may have as little as 10 clients or as much as 100,000, your customer data is valuable to hackers. Having a false sense of security actually makes you an easier target for them. On average, the cost of a singe piece of customer data starts at about $16. The price goes up very quickly as more details, especially financial details, get included in the breach. You’ll realize very quickly that a lot of infected small businesses can already be a huge revenue stream for cyber-criminals.
What you should do: This one is easy. Talk to your IT team or provider to assess your current security policies and how you should proceed in strengthening your security.
You’re NOT careful with passwords
Creating user accounts and not changing the default password? Or maybe you’re thinking that keeping your password very simple, such as “password” or even “p455w0rd” is a clever way of remembering them. Another big mistake.
Hackers often use password cracking software that uses a database of the the most common alpha-numeric combinations used as passwords. They use a “brute-force” attack on your system, trying out the most common passwords in quick succession until your machine or network allows them access. It’s so common, you’ve probably seen it done in the movies!
What you should do: Your company needs to have a password policy. Consider and enforce a policy that requires credentials to meet certain minimum standards and be changed on a regular basis. In recent years, 2-factor authentication systems have gained popularity as added measures to further restrict access to unauthorised users.
Not educating your staff about potential threats
Unfortunately, in many cases employees can be the biggest source of security issues encountered by companies. Often-times employees are not brought up-to-date on the ever evolving security risks, latest viruses, or even just security best practices.
What your next move should be: Invest in some degree of employee education and support. This will help prevent the often avoidable errors employees make. A business security policy that is well communicated to your team is an essential part of keeping your data safe.
Postponing or not performing software updates.
I know, I know. Software updates can take a lot of time and potentially some amount of lost productivity on the part of affected employees. They can be very inconvenient. They are also vital to protecting your data.
Day in and day out, hackers are elbow deep in looking for vulnerabilities in software that we use everyday. They look for security holes in operating systems, applications, and plugins. Major software developers even employ their own “hackers” to help them discover these vulnerabilities before cyber criminals do. When they do find them they work hard to develop code patches to keep their software secure. Ignoring these updates, for sundry reasons, puts you at great risk.
What you need to be doing: Make sure that your security policy includes regular required checks for updates and a schedule to install them outside your normal operational hours to avoid inconvenience.
You’re trying to do it all by yourself
As with most small to medium-sized business, you’re probably not excited about investing heavily in a dedicated IT team. Many business owners think that they can secure their network and business data all on their own.
This should possible if you are an IT professional, but still not entirely reliable. Like I mentioned earlier, hackers are working round-the-clock to get to your data. You’re probably more interested in putting your time to good use on growing your business.
What you should be considering: Thankfully, there is an abundance of professional help available. Working with security professionals is a decidedly less expensive solution in comparison to the huge costs of getting hit by a cyber attack. As the old adage goes, an ounce of prevention is better than a pound of cure.
So, how did you fare with the list of common security mistakes small businesses make? If you’re still not sure where to start, why don’t you sign up for a free consultation with us, no obligations whatsoever (well, except maybe a cup of coffee or even a glass of water if its not too much to ask).