Cybersecurity is complex, and when it’s not your specialty it’s easy to make mistakes in your policies and processes without even realising it! And with the costs of cyberattacks set to reach US$10.5 trillion by 2025, it’s worth doing everything we can to close these vulnerabilities. Here are some common cybersecurity mistakes businesses are making – and how to avoid them.
#1 – Thinking you’re not a target
You might be a very small business, a very new one, or in a low-risk sector – but in reality, there is no such thing as not being a target. Although big breaches at major companies make the headlines, the majority of breaches and attacks happen against SMBs because they usually have a lower level of security. In fact, 4 in 10 Aussie SMBs have experienced attacks since the pandemic, resulting in “loss of reputation” (38%), “loss of clients” (35%), and “loss of employees” (12%). Remember, if an individual can be vulnerable in their personal capacity, any business can be too.
#2 – No access management
Access management for data is critical for protecting your business. It works by setting permissions for what each staff member or team can access based on their job role, so it doesn’t affect productivity. It also means that if a team member’s access is compromised, hackers can only get into limited portions of your system, protecting your most sensitive data. It protects sensitive data from human error too, as a staff member can’t accidentally delete or change something unless they have permission, and it allows you to remove permissions when a staff member leaves.
#3 – Not updating software
Yes, updates are annoying and disruptive – but they are necessary too. It’s not just about new features or fixing bugs either. The majority of updates are related to security patches that shore up vulnerabilities in platforms. Hackers are constantly looking for new ways into systems and applications, and companies spend millions of dollars and hours having developers identify these vulnerabilities first and send out updates. When you ignore updates, you leave opportunities for attack wide open. Whether your employees work from the office, a work site, or at home, updates need to be a priority.
#4 – Using public Wi-Fi
Public Wi-Fi, like the open networks at cafes, on public transport, and in hotels, seems like a dream solution – but it’s very dangerous. Most public Wi-Fi networks have no encryption, so your data can be intercepted easily. There are also open Wi-Fi networks that look like they’re set up by a legitimate service but have been set up by hackers themselves. Unsecured public Wi-Fi also allows people to listen in on your communications and record private information, which is known as a man-in-the-middle attack. If you are using public Wi-Fi, always use a high-quality VPN, prevent your device from auto-connecting to Wi-Fi spots, and always disable file sharing.
#5 – Not using strong passwords and MFA
Many people default to easy passwords they can remember – except these are easy for hackers to guess too! Instead, it’s worth using a password manager that generates and stores strong, randomised passwords that are very difficult to hack. The bonus is that you don’t need to remember them, and you can change them very easily. But what if a hacker intercepts your password? Well, that’s why we also recommend using multifactor authentication (MFA). This is when a second channel or device is needed to grant access, often by sending a one-time PIN, and is best used for accessing a device or sensitive information/files. It’s quick and easy, and even if your laptop is stolen, for example, hackers can’t access your files even with the password because your mobile device will also be required.
#6 – Not training your staff in cybersecurity
IT security is not just the manager’s job or the responsibility of your CIO – it’s everyone’s job. The vast majority of breaches, a massive 95%, are caused by human error, often as the result of clicking on an infected link, falling for phishing or smishing attacks, avoiding software updates, and more. When your staff don’t know the risks they are facing or how to avoid them, they’re a massive risk to company IT security and their own personal data security. Comprehensive cybersecurity training should include all your staff and teams, transforming them from your biggest risk into an effective layer of cybersecurity.