Data breaches reached a record pace in 2019. In August security provider Norton reported 4.1 billion records had been exposed and there had been an increase of 54 per cent in the number of reported breaches vs the first 6 months of 2018.
The rise is predicted to continue in 2020 making cybersecurity as important as ever. If you're not sure if your business has enough protection some key areas can easily be improved to reduce the risk of cyberattacks.
We've identified 10 signs that your business is at risk from cyber attack.
You use weak passwords
Or the same password for all your accounts. We know why it happens but using weak passwords or the same password across multiple accounts will put your business at risk.
Does your company have a password policy? Do your staff know the best behaviours for creating strong and unique passwords? Weak passwords are a hackers dream because much of password hacking is now automated they don't need to work hard to crack them.
The same goes for using the same password across different accounts. If one of the companies you have an account with is breached the hacker has the password you use on all your accounts. One breach has given them access to all your accounts.
Train your staff on how to set strong passwords and the importance of regularly updating them. Using a password manager is an easy way to manage lots of unique, complex passwords.
You don't provide cybersecurity training to your staff
88 per cent of UK data breaches are caused by human error. That's an eye-opening statistic. No matter what you do with your cybersecurity, if you're not training your staff it will likely be for nothing.
If your staff are trained on the latest hacking and social engineering threats they are less likely to fall victim to hackers. 95 per cent of successful cyberattacks are the result of phishing scams. So you must be training your staff on how to deal with phishing emails.
You will need to train them regularly as well. Cybercrime is very lucrative at the moment so the sophistication of cyber-attacks and social engineering is continuing to improve. So what might have been good security advice 6 months ago might not be valid today. Staff training can't just be one and done, it needs to be an ongoing activity.
You have no cyber-security policies
So, now we've got you training your staff on cybersecurity best practices it's time to put a cybersecurity policy in place for your business. As you've already read human error is one of the biggest factors in cyberattacks. One click of a malicious link can undo all the good work done by virus protection and firewalls.
To help with the training they are doing you need to put in place a cybersecurity policy. This will help when inducting new members of staff to the business as well as maintaining security commitment across the whole of the business.
You don’t have data control policies
You should have already done work on this because of GDPR. Data control policies make sure only the people who need access to certain data are the only people who can access it.
Locking down access to your data is a big step to keeping it well protected. Limiting the number of people who have access to it will give hackers fewer access points they can target.
If a company laptop gets lost or stolen, data control can make sure that any data on that device can no longer be accessed. Without policies in your business to control data it can be difficult to determine what security vulnerabilities you actually have.
You don't have an IT security budget
Even a modest investment in security training has a 72 per cent chance of reducing the impact of cyberattacks. We are living in a world where the threat of cyberattack isn't going away. So a business needs to take that threat seriously and that will involve spending some money.
We have already discussed training and that has its costs but there are other areas of investment that can help your business. Updating firewalls or using anti-virus software is an example. You might want to outsource your cybersecurity completely. These are all good options but they do come with a cost.
That cost, however, will pale in comparison to that costs that come with a data breach. 60 per cent of small businesses go out of business after a data breach. Suddenly training or expert help doesn't seem that expensive.
You’re using an old operating system
An operating system is the software that manages the hardware and software on your device (for example Windows on your PC and Android on your phone). They all come with security updates that will fix any vulnerabilities that have been previously exploited by hackers.
If you are using an old operating system, that is out of life, then you will no longer be getting those security updates. If that device is connected to your network then your whole business is vulnerable to attack.
The biggest example of an out of date operating system is the now end of life Windows 7. Any business that is still using Windows 7 will now become a target to hackers because there are no more security updates are no longer plugging the holes they have exploited.
Your staff use their own devices
There are plenty of benefits to staff using their own devices but you must address the security concerns that come with it. Staff using their own devices makes it harder to track what operating systems have access to your network. Also, each device is likely to have different levels of security in place.
Keeping track of data is another concern with staff devices. It's best to keep your sensitive data in the cloud so it can be accessed but not stored on staff devices. Also, consider what devices you give access to your network. They might already be infected and adding them to your network will then infect your whole business.
So, while allowing employees to use their own devices can bring a host of benefits, it’s important to manage the process with documentation and training in place to help staff work safely.
Your anti-virus software is out-of-date
Cybercriminals are constantly evolving the malware and viruses they use. As hackers evolve security updates are needed to fix the vulnerabilities being attacked. That is why it is so vital to keep your anti-virus software up to date.
Security right now is an ongoing battle between the criminals and the providers. As the criminals work on new ways to exploit vulnerabilities in a product the providers have to create and install fixes to cover those gaps.
Talk to your IT support provider to make sure you have the right anti-virus software in place and that they are continuously able to keep it up to date.
Former employees still have access
Depending on the size of your business you might not have a clear process for handling the technology of former employees. It might not seem a priority to remove their access or to change passwords but it's important to your security.
Some people can leave on bad terms and if they still have access to your data they can cause a lot of trouble. Or it's possible that they simply forget they have details stored on their device. If it gets stolen or hacked if those login details are still valid the cybercriminals have access to your data.
You think you're too small to need to worry
Sorry to break it to you but your business size is not a defence. Cybercriminals don't just go after the big companies. Because smaller businesses often don't have the resources or time to properly protect themselves they become easy targets. For those that still think they don't have to worry about cybersecurity because they are too small to be a target, the cyberattack is just around the corner.
Apathy might be a companies biggest vulnerability when it comes to cybersecurity. You are never too small to be targeted. You have never done enough to be safe and if you think it can't happen to your business then you're wrong.
Cyberattacks are not going away. In fact, they continue to increase in number. It's hard for any company to be 100 per cent secure but there is plenty you can do to better protect yourself.