Something we see quite a lot out in the field is a particular mindset among small businesses. It goes something like this – ‘why would an attacker come after my business when they can go after the likes of eBay, Amazon, PayPal and so on, who make my organisation look like a grain of sand?’. The reality is that small businesses are most certainly not safe in the world of cybercrime – attackers view them as low-hanging fruit and easy pickings for a quick payday.
As your business begins to grow you will probably be thinking about hiring more team members, moving into a bigger space and trying to reduce your costs while increasing efficiency, amongst an array of other things. One thing often gets left behind, though, and that is cybersecurity. In reality, when you are growing your business in all of these ways, your level of cybersecurity should be at the top of your agenda. As you add more devices and basic systems, you introduce a host of vulnerabilities into your network which are ready for cybercriminals to attack. Setting some resource aside for cybersecurity is a must if you want your business to succeed – approximately 45% of small businesses reported a cyber-attack in the last year. For today’s post we have summarised the 4 most common mistakes we see and what we advise to mitigate against them.
The biggest killer – lack of user training
The biggest weakness in almost every organisation’s cybersecurity chain is the people it employs. A lack of staff awareness of the latest cybersecurity threats can be very costly for business owners – all it takes is one rogue click on an email and one of your team could have just downloaded the latest piece of ransomware onto your network or had their login credentials stolen by attackers.
One of the only ways to combat these threats is to train your teams, and as such here at Complete I.T. we have created several free quizzes that you can distribute throughout your organisation. This one for example tests their ability to spot phishing emails.
Poor permission protocols
When first starting out it isn’t unusual for small businesses to have networks that bring together users and their data in the same place. But as your business continues to scale, pooling users and data together like this can bring an array of problems. Under the GDPR the handling and processing of personal data has been brought into the limelight, and you can face some big fines if you fail to control it properly.
To ensure you comply with the GDPR, as you grow you will need to properly segment your networks so that only the correct people have access to the correct data. There is no need for your marketing team to have access to confidential HR files, and so segmenting your network should be at the forefront of your to-do list.
A lack of bring-your-own-device (BYOD) policies
As you continue to grow your business you may see the benefits of having a BYOD policy – this can reduce your hardware costs significantly and means your teams can take their work outside of the office. It also means that all of your important business information can walk out the door along with your employees at the end of the day.
If you are set on having a BYOD policy, it is vital that you set out a clear set of guidelines about what is and isn’t allowed to enter the network. If employees are using their own devices they should all be using two-factor authentication to access their accounts and should use VPN connections when using public or unsecured Wi-Fi networks.
Get your back-up
During 2018, the year of cybercrime, we have seen an unprecedented rise in the number of ransomware attacks hitting small businesses. If you are unfamiliar with the term, a ransomware attack occurs when an attacker manages to encrypt all the files on your computer or network, making them totally unreadable. The attacker then demands a ransom, which they say must be paid to regain access to the files.
Paying the ransom is definitely not advisable though – this just fuels the ransomware world and encourages other cybercriminals to continue to use ransomware attacks. The only way to truly prepare yourself is to get a reliable backup system in place. Our Complete Recovery solution prevents valuable business downtime, backing your data up to the cloud and allowing us to replicate your servers in a matter of minutes should you lose access to your files.