A short article explaining 6 cybersecurity mistakes that small and medium-sized businesses are making and how to prevent them.
Businesses are more reliant on digital connectivity than ever before. Workforces are more geographically diverse than ever before, and cyber criminals are exploiting this opportunity to target businesses of all sizes.
As a result of this, cyber threats and data breaches are at an all-time high. In fact, Check Point Research found that globally, businesses experienced 50% more attack attempts per week on corporate networks year on year.
While cybercriminals are using new and more sophisticated techniques, many successful attacks happen because of often quite simple cybersecurity mistakes. To help your business stay safe in this evolving threat landscape, this blog post will outline the most common cybersecurity mistakes that businesses make.
My hope is that by the end of this article, you’ll be equipped with the knowledge you need to prevent your business from making these cybersecurity mistakes as well.
1. Having weak passwords
Many users still rely on passwords as the first and only line of defence for protecting critical business data. Furthermore, out of fear of forgetting passwords, many people use the same simple password for multiple accounts, rather than creating a complex password that’s harder for a cybercriminal to guess.
Even today, according to NordPass, the most commonly used password worldwide was “123456”, while “password” was number 5. Simple passwords make a hacker’s life easy. Cybercriminals utilise weak passwords to access business accounts, which can lead to an entire organisation’s database being exposed. If a hacker can access your device, they could also end up accessing important company data.
But how can you prevent this from happening?
You could prevent this from happening by introducing an IT policy that requires your employees to follow a strict set of guidelines when it comes to setting their passwords.
For instance, you could require them to have passwords that have a minimum of 12 characters, containing a combination of uppercase letters, lowercase letters, numbers, and special characters. Secondly, you could also require your employees to change their passwords after a specific period, like every 2-3 months.
A secure password manager can also help, providing a secure way to store and manage passwords and overcoming the challenge of memorising complex passwords.
2. Not using multi-factor authentication (MFA)
Although setting a secure password will dramatically reduce the likelihood of your employees’ devices or accounts being breached, a password alone isn’t enough to protect them.
MFA is a simple way to layer up account protection. MFA is the use of different methods such as biometrics (face ID/fingerprint) or one-time codes, as an additional layer to your sign in process.
How does MFA work?
Let’s say your employees are going to sign into their work account, and they successfully enter their username and password. If they don’t have MFA enabled and that’s all they need, they’ll be able to sign in just like that.
But unfortunately, that means that if anyone in the world knows their username and password then they’ll be able to sign in too.
On the other hand, if they have multi-factor authentication enabled, then the sign-in process will not be as easy as that. With MFA, the first time they enter their username and password to sign into their device they won’t just be let in.
Instead, they’ll be prompted to enter at least one other factor to verify their identity. This could be a one-time code or an authenticator app on their smartphone, where they’ll be shown a unique randomly generated 6-digit number. They will then have to enter this number into the log-in portal that they’re trying to access.
This then verifies they are who they say they are. The added layers of security involved in MFA make the life of a hacker much more difficult, so they end up abandoning their malicious plans.
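To show what happens behind that 6-digit prompt, here is an added example (not code from this article or from 848) of the time-based one-time password scheme from RFC 6238 that authenticator apps commonly implement: the app and the server derive the code from a shared secret and the current 30-second window. The secret is the RFC's published test secret, and the function names, the drift tolerance and the replay check are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (RFC 6238 default)
DIGITS = 6   # length of the code the user types in
SAMPLE_SECRET = b"12345678901234567890"  # RFC 6238 test secret, never use in production


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """Derive the one-time code for the 30-second window containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float,
           drift: int = 1, last_used: int = -1):
    """Return the accepted window number, or None if the code is rejected.

    `drift` tolerates clock skew of +/- that many windows. `last_used` is the
    window of the last accepted code, so an overheard code cannot be replayed.
    """
    if not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(at) // STEP
    accepted = None
    for window in range(current - drift, current + drift + 1):
        candidate = totp(secret, window * STEP)
        # Constant-time comparison, and no early exit when a match is found.
        if hmac.compare_digest(candidate, submitted) and window > last_used:
            accepted = window
    return accepted
```

The server stores the returned window number per user and passes it back as `last_used` on the next sign-in, which is what stops a code from working twice.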
3. Allowing employees to use public Wi-Fi
You’ve probably heard someone talk about all the risks that come with using free, public Wi-Fi connections. While it may be easy to overlook when you want a convenient way to access the internet when working on the move, these risks are very real.
Using public Wi-Fi connections can be very dangerous, as most of these connections aren’t secure. This means hackers can capitalise on this lack of security by accessing employee devices and data.
However, you can prevent your employees from being subject to this type of cyberattack by strongly advising them against using any public Wi-Fi. Ideally your employees should only be using a secure home network.
If you do find yourself in a situation where you have to use public Wi-Fi, ensure you’re using a virtual private network (VPN). A VPN protects you by creating a “tunnel” for all your traffic, which is protected by end-to-end encryption.
4. Lack of awareness around phishing e-mails
Have you ever received a random email from a suspicious-looking e-mail address, asking you for some of your personal details? If you have come across this, then it’s highly likely that this was a phishing attempt.
According to Deloitte, over 90% of cyberattacks begin with a phishing email, while more than 30% of successful breaches utilise one or more phishing techniques. But what is phishing exactly? And how can you spot a phishing attack?
Phishing is the fraudulent practice of pretending to be reputable companies or individuals, typically via email. The aim is to encourage people to make cybersecurity mistakes and reveal information, such as their passwords or account details, or click harmful links.
Phishing works when hackers get unsuspecting people to commit their desired action and is increasingly common as employees are so busy or unaware of the signs.
Irrespective of what the call to action is, the outcome can be extremely detrimental to your business if a hacker gets access to any of your sensitive data or information.
Over the years, phishing techniques have developed tremendously, becoming more and more sophisticated. These days they appear to be more realistic than ever. So, training your staff to recognise and avoid falling for these phishing emails is extremely important. It’s important to make sure staff adopt a zero-trust approach to emails and phone calls.
Employees should look out for disparities in email addresses, suspicious-looking email footers, or things like grammatical mistakes. If anything seems off, they should verify the sender through an alternative communication channel.
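The email-address disparities mentioned above can also be checked automatically at the mail gateway. The following added example (not code from this article or from 848) flags three of them: a Reply-To domain that differs from the From domain, a sender domain that is a near-miss of a trusted one, and a display name that claims a trusted brand from an untrusted domain. The trusted-domain list, the finding labels and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organisation genuinely receives mail from.
TRUSTED_DOMAINS = ("northwind-bank.example", "payroll.example")

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_disparities(raw):
    """Return a list of findings for one raw message; an empty list means none."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower().replace(" ", "-")
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-differs")
    for trusted in TRUSTED_DOMAINS:
        if 0 < edit_distance(from_dom, trusted) <= 2:
            findings.append("lookalike-of:" + trusted)
        brand = trusted.split(".")[0]
        if brand in display and from_dom not in TRUSTED_DOMAINS:
            findings.append("display-name-claims:" + trusted)
    return findings

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Northwind Bank Support" <support@northw1nd-bank.example>
Reply-To: billing@collect.test
Subject: Action required on your account

Please confirm your details.
"""
LEGITIMATE = """\
From: Northwind Bank <alerts@northwind-bank.example>
Subject: Your monthly statement

Your statement is ready.
"""
```

A message with findings is a candidate for a warning banner or quarantine; the final check remains verifying the sender through another channel.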
5. Overlooking data backup and recovery
A common cybersecurity mistake that a lot of businesses make is not backing up their data. Keeping copies of your most sensitive data in different locations is extremely important because it can act as a preventative measure against data loss in the face of an attack.
As a business owner, you should always remember that natural disasters like fires, floods, earthquakes, and tornadoes could occur at any moment.
Therefore, storing all your business’s data in one place is not a safe or smart choice. This is because, if your data storage hub is destroyed, your business could end up being on the verge of bankruptcy.
But why could this be the case?
Findings from the Federal Emergency Management Agency (FEMA) revealed that over 40% of businesses never re-open after a disaster. However, out of the ones that do, just 29% of them continue to operate after two years.
And guess what happens to the businesses that lose their IT and data for nine days or more after the disaster?
They go bankrupt within a year.
These findings illustrate just how important it is to keep your business’s data protected at all times. One way you can do it is by constantly backing up your business’s data in the cloud.
6. Not having a firewall
Not having a firewall is a common cybersecurity mistake that businesses make. However, this mistake isn’t made because of business owners’ unwillingness to invest in one, but more because many business owners aren’t even aware of what a firewall is.
What exactly is a firewall and why does it matter?
A firewall is a computer network security system that restricts traffic in, out or within a private network. It can be viewed as a border that exists to manage the travel of permitted and prohibited web activity in a private network.
Having a reliable firewall is an extremely important consideration in cybersecurity because it will monitor your network traffic and protect it from viruses and malicious code. A firewall will help ensure that your network is safe.
These are just some cybersecurity mistakes that your business and many others could be making without knowing. We advise you to do everything to avoid making these mistakes at all costs. This is because making them could cause your business to fall victim to a cyberattack, leading to financial and reputational damage.
Want to learn more about protecting your business?
The 848 Group is an experienced IT solutions and cyber security partner. We are Cyber Essentials certified and have a dedicated security practice with a team of cybersecurity specialists. If you would like more information on how to protect your employees whilst they’re working remotely, then please get in touch with 848.
Thulani is a digital executive and technical writer for The 848 Group. He researches new and emerging IT solutions and constructs relevant content that is both informative and easy to digest. Thulani writes articles that provide clear insights for business users.