3 most common cyber security mistakes businesses make
22 June 2018
Businesses used to worry about break-ins. But now, criminals are more likely to come in through your inbox than a side door or window late at night. They want your data, your customers’ data, bank details, sensitive financial information and intellectual property.
The locksmiths, CCTV and security guards of the digital world are cyber security solutions. Companies need to take a proactive approach to protecting inboxes, devices and software from external (and internal) threats.
Unfortunately for small and medium businesses, cyber security can seem prohibitively expensive.
Too many companies are making the same mistakes, often without realising it. With the right guidance, advice and support, businesses can avoid these problems and put affordable security safeguards in place that prevent future security problems.
Here are some of the most common mistakes we see time and again:
1. Building ever higher walls
To protect your internal systems, you need walls. As a way of staying secure, this has been deeply embedded in human thinking for thousands of years. However, when it comes to cyber security, stronger, taller walls are no longer enough.
Threat profiles are constantly evolving. What keeps one malicious piece of software out won’t necessarily keep out the next. And what happens when something gets past your perimeter defences?
Attacks are more often coming from within, via phishing emails, social engineering or malicious insiders. While perimeter fencing is a basic essential, walls won’t prevent every attack.
Who’s patrolling the inner corridors of your IT infrastructure, checking for unusual behaviour and actors that have got in through the back door? Internal monitoring and defence systems (to watch for cyber threats and employee actions) are just as important, and something many companies miss because they are too focused on the external risks.
2. Gaps in the defences
Firewalls and anti-virus software are popular with many businesses, but they shouldn’t be the only form of defence companies use. Too often, threats get through where there are gaps, overlooked weaknesses or where budgets don’t allow for more comprehensive safeguards.
For example, a common mistake is failing to apply a patch for a vulnerability when a vendor issues one. The Equifax data breach was a result of poor patch management.
Protecting your business with firewalls and anti-virus alone is no longer enough.
3. Insufficient support
As a business owner, senior leader or IT manager in an SMB, picking the right security software can be daunting. Unless you are a security expert, it can be difficult to know what you need. And even after that, some pieces of software have multiple features that could be extremely useful, if only you knew how to use them.
Too many software packages are sold with insufficient support and self-serve guidelines. Knowing how to use an out-of-the-box solution correctly could make the difference between a successful defence and a data security nightmare. With the right support, this should be a lot easier.
Andy Samsonoff is CEO of invinsec