Many small businesses have enough on their plate already. Managing staff, stock, social media, taxes, customers, etc.; the list just goes on. When you are using the internet for your business, whether you are a traditional bricks-and-mortar or fully online business, security becomes another issue that you often just don’t have the time for.
But by being online, there is simply no getting away from the fact that you need to be conscious of online security and attacks. Get your business into a good place by avoiding these 10 mistakes when it comes to cyber security.
1. Not securing all the devices on your network
It can be easy to launch into installing anti-virus on your laptops and password-protecting your servers, and feel you’ve gotten on top of things. Before you can secure your computer systems, you need to know what computers you are working on, how many there are and where they are. You could spend time and energy securing nine devices, and forget completely about some device in the corner that you haven’t thought about in ages. Forgotten devices like this are exactly what hackers are looking for. Even large businesses have been hacked through their internet-connected printers, speakers or even fish tanks! So before getting stuck in, assess your network for exactly what devices are connected and online. You may even find some old rogue device that was meant to have been gotten rid of ages ago, or one which shouldn’t be connected to your network at all!
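One way to run the check described above, as an added example that is not part of the original article: compare the devices a computer can currently see on the network against your own asset register. The sample neighbour-table text (in the style of `ip neigh` and `arp -a` output), the register entries and the function names are all constructed for illustration.

```python
import re

# Constructed sample: neighbour-table output in `ip neigh` and `arp -a` styles.
SAMPLE_NEIGHBOURS = """\
192.168.1.10 dev eth0 lladdr 3c:52:82:aa:10:01 REACHABLE
192.168.1.20 dev eth0 lladdr 3C:52:82:AA:10:02 STALE
192.168.1.77 dev eth0 lladdr 00:1e:c0:5f:77:9a REACHABLE
192.168.1.99 dev eth0  FAILED
? (192.168.1.30) at b8-27-eb-12-34-56 [ether] on eth0
"""

# Constructed asset register: MAC address -> what the business believes it owns.
SAMPLE_INVENTORY = {
    "3c:52:82:aa:10:01": "front-desk laptop",
    "3c:52:82:aa:10:02": "office printer",
    "b8:27:eb:12:34:56": "till system",
    "a4:5e:60:00:00:09": "old file server (decommissioned?)",
}

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def normalize_mac(mac):
    """Lower-case and use colons so Windows-style dashes compare equal."""
    return mac.lower().replace("-", ":")

def parse_neighbours(text):
    """Return {mac: ip} for every line carrying both; unresolved entries are skipped."""
    seen = {}
    for line in text.splitlines():
        mac, ip = MAC_RE.search(line), IP_RE.search(line)
        if mac and ip:
            seen[normalize_mac(mac.group(1))] = ip.group(1)
    return seen

def reconcile(inventory, seen):
    """Split into devices on the network but not registered, and registered but not seen."""
    known = {normalize_mac(m): name for m, name in inventory.items()}
    unknown = {m: ip for m, ip in seen.items() if m not in known}
    missing = {m: name for m, name in known.items() if m not in seen}
    return unknown, missing

if __name__ == "__main__":
    unknown, missing = reconcile(SAMPLE_INVENTORY, parse_neighbours(SAMPLE_NEIGHBOURS))
    for mac, ip in sorted(unknown.items()):
        print(f"NOT IN REGISTER: {ip} ({mac})")
    for mac, name in sorted(missing.items()):
        print(f"IN REGISTER, NOT SEEN: {name} ({mac})")
```

A neighbour table only lists devices the computer has recently talked to on its own network segment, so the router's list of connected devices is the fuller source to feed in. A registered device that is not seen may simply be switched off, which is worth confirming rather than assuming.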
2. Spending a lot of money
It can be tempting to throw money at the problem of security, and there are many vendors out there who will gladly accept your hard-earned cash. If money is tight, especially for small or startup businesses, you can do a lot by covering the fundamentals such as regular patching and backups, using strong and unique passwords, and taking the time to configure your devices and online accounts correctly. These don’t require any financial input, just some time, and you are immediately streets ahead of businesses that simply aren’t as security aware and are more exposed to a cyber attack. Once you have these taken care of, you can invest in more sophisticated solutions or monitoring, but get your fundamentals down first.
3. Thinking more technology is the solution
Similar to the point above, throwing more technology into the mix without taking the time to understand what it is going to do for you will not serve you fully. Many businesses have a patchwork of devices and levels of security across their network. Adding more tools or programs into the mix without fully assessing what they will do for your unique IT environment will provide you with a nice feeling of doing the right thing, until a hacker has a chance to spend a few weeks roaming around your network. Assess the variety of devices on your network, understand where the gaps in your security are, and focus on fixing them.
4. Not involving your staff
Your staff are your business’s biggest and best asset when it comes to maintaining the security of your data. Keeping them informed, trained and alert to attacks is one of your best opportunities to spot an attack in its early stages. Are they seeing unusual behaviour? Are they seeing and reporting phishing emails? Are they educated in the security practices of the business, rather than seeing them as a hindrance to doing their jobs? Very few cyber attacks occur without involving people within the business, so proper training and inclusion in security planning is a strong first pillar in your cyber defences.
5. Getting overwhelmed
As was mentioned earlier, securing your business can be just another headache to have to deal with when you are already juggling orders, customer service, suppliers, etc. It can be easy to get overwhelmed and put it all to the back of your mind, especially if you are a small business or not comfortable with technology. Start small, map out the devices that need your attention, and make a plan. Then follow your plan, even if it is a little every day. Hackers are always looking for the low hanging fruit, the soft options, and you would be surprised at how big a difference you can make by taking small, consistent steps.
6. Thinking Anti-Virus is a catch-all solution
For some reason, ‘anti-virus’ has become a byword for a total security solution. People often think that if they have anti-virus installed on their laptops they must be protected. In truth, AV is responsible for catching about 20-30% of malware infections, and then only if it is itself maintained. More often than not, you find that the licence has lapsed. Anti-virus will not protect against more prevalent problems like phishing emails or the problems we currently see globally with ransomware. AV has its place in an overall IT security program, but it is not the whole program.
7. Not updating your systems
Keeping your systems patched and updated is a cornerstone of a responsible IT security program. This includes your computers and servers themselves, as well as the programs which run on them. New bugs are constantly being found, some of which can allow hackers to access your data, and developers are constantly releasing patches to protect against this. If you don’t install the patch, you are fighting an unequal battle. Hackers constantly watch for new patches, because they know people will be slow to update, which gives them an advantage. Make a list of the programs and systems within your business, and schedule in regular update checks to stay at the top of your game.
8. Using the same passwords everywhere
I know, I know, passwords can be a real pain to have to deal with. How many different times do you have to log in to something each day – twenty, thirty, more…? It can be really tempting to just make life simple and have the one password for all of your logins. The problem though is that if one of those websites you log into gets hacked, and it happens all the time, even to big websites, your house of cards will come tumbling down. Hackers take the passwords they steal and start to log in to loads of other online accounts, knowing that people use the same password everywhere.
Search for a good password manager you like, such as LastPass, and use it. These make it easy to create very long and strong passwords which are unique to every website you need to log into, and they also solve the problem of having to remember them or even type them in.
9. Thinking you are too small to get hacked
Hackers are looking for sites, servers, in fact anything they can break into. Yes, there are many targeted attacks, but there are many, many more cases where an attack happened simply because the attacker was able to find a weakness in someone’s website or business network and take advantage of it. Once they are in, they can start exploring to see what they can find, or launch ransomware which will encrypt and lock up all of your data, and force you to pay up for it if you want it back again. Opportunistic hacks are just as appealing to hackers, especially if they can then start to use your servers and systems to launch hacks against larger targets, as it looks like the attack is coming from you, allowing the hacker to further hide their location and identity.
10. Not asking for help
In today’s digital economy, cyber security is not something you can avoid for long, so reach out and get help. This is about preventing larger and more costly problems in future, and giving yourself a solid foundation on which to build your business, especially if you have any dealings online. If you need help, guidance or someone to take the lead in making sure your business is hardened against attack, and set up to grow securely into the future, ask for help early on in your journey.
If you are interested in getting some advice and help or have some specific questions about how to secure your IT systems, feel free to contact me and we can talk about how to get your business protected and secure against online threats.