Before we get to the most common cybersecurity mistakes made by enterprises, let’s take a step back and think about the world of 10-15 years ago. Remember how it was? If you’re like most people, you’d be using a flip phone, you’d be using that creepy landline phone, you’d be ordering food over the phone, you’d be renting DVDs, and you’d be using those confusing street maps. Now that we look back, we can’t help but feel weird about it.
That’s because technology has touched almost every aspect of our lives and changed it forever: the way we communicate, the way we eat, the way we travel, the way we get entertained and—most importantly in the context of this blog—the way we work. Digitization has disrupted almost every type of business—whether small or significant—and has made everything smoother, faster and more efficient. But as Richelle Mead says, “Most good things come with the risk of something bad.” Here, this risk comes in the form of cyber-attacks.
There was a time when only the big firms used to care about cybersecurity because they had to, you know. Nobody used to care about the cybersecurity concerns of SMBs—just like your Facebook cover photo. That time is long gone, and the tables have turned (nobody still cares about your Facebook cover photo though). It might seem counter-intuitive, but around 95% of reported credit card breaches hail from small businesses. So, it’s dead wrong to think that SMBs are spared. They should care about it even more, as 60% of small businesses close after suffering a data breach.
So, it’s pretty clear that cyber-attackers spare no one. That’s why having the proper people, infrastructure, policies, and strategy is of paramount importance. And enterprises seem to have understood this. They’ve started taking cybersecurity seriously and have begun taking proper action. While doing so, many make mistakes that come back to haunt them. To help you avoid such errors and their implications, we’ve put together the five mistakes businesses make most commonly.
Here are the five cybersecurity mistakes enterprises make most frequently. Watch out for these!
1. Who is going to attack our business? We’re not Apple or Google.
This is an attitude problem more than anything else. As I made clear earlier, smaller businesses tend to get targeted more by cyber perpetrators. Do you know why? It’s because of this we’re-not-Google attitude. Because of it, many SMBs don’t take cybersecurity seriously, and that’s exactly what hackers want. Such a dubious stance results in weak security practices, and that ultimately results in…you can guess the rest.
2. Not training the staff
It’s no secret that employees are your most significant cybersecurity risk. A wrong click at the wrong place could make you fall prey to a phishing scam. We’re not telling you to enroll every employee in a cybersecurity course (it’d be great if you could do that), but we are telling you to make them aware of the basics through proper training by an expert. We also suggest creating security policies and guidelines that cover the use of security practices such as antivirus, strong passwords, secure protocols, encryption software and two-factor authentication. Such policies create a ‘security-first’ environment—something that’s needed to thwart cyber attackers.
3. Not updating on time
Let’s get this clear: updates come with a purpose, and that purpose is improvement. Newer versions include patches and security updates that protect you against the security vulnerabilities of past releases. No matter what it is (your antivirus, your OS, browser, protocols, server updates), your IT department must make sure that updates are installed on time, every time.
4. Not investing in cybersecurity
Unfortunately, many companies still don’t see cybersecurity as something worth investing in. Whether it’s people, security software, software devices or monitoring systems, this is a time when you cannot afford to take security lightly. See a security consultant, let him/her do security testing, and s/he will tell you what’s needed.
5. “The IT guy will take care of it.”
You hired an IT person. Read it again; you hired an “IT” person. But it’s never a good idea to expect an IT person to take care of everything. This has to do with skills as well as priority. S/he might not have a vast knowledge of security. And even if s/he does, s/he must have a plethora of other responsibilities. Maintaining security requires a lot of attention, and your IT person might not be able to give it. That’s why hiring a security specialist on a permanent or consultation basis is essential.