Five Cybersecurity Mistakes and How to Avoid Them
The consequences of poor cybersecurity can be devastating, not only for your business, but also for the people whose information has been accessed illegally. We have collated the five most common mistakes and ideas on how to avoid making them in your business.
- The idea that a cyber-attack will be huge
One of the myths around cybersecurity is that any attack or breach will be enormous and devastating immediately. This is mainly because the only stories we read in the media are ones where breaches have affected millions of people’s data.
However, this is not true. Tim from Calix shares that many attacks actually infiltrate on a small scale and then continue to breach the data over a long period of time. In his experience, if your business isn’t set up to spot this, by the time you do, it can be too late.
Solution: Tim recommends having a central point where your systems are being continuously monitored. That way, even a small anomaly will be detected and can be dealt with immediately. This needs to be a dedicated approach, not just an add-on to an already busy IT person’s role.
- Failing to keep software updated
Hackers and cyber attackers are increasingly sophisticated, and unfortunately this means that if your software is old or out of date, you are even more at risk of suffering a breach or attack. Companies might try to save money by continuing to use outdated software, or think that it’s simpler not to have to retrain staff on new systems.
However, this is one of the common mistakes which puts businesses at much greater risk of cybersecurity problems. Relying on systems that haven’t been updated for years means they are much easier for attackers to access.
Solution: Make sure all system upgrades and new versions are always installed and used as they will bring in added levels of security and protection for your business. The cost of upgrading and training will be far less than the devastating impact of a cyber breach.
- Not having a crisis response plan
Too often the responsibility for dealing with a breach is put down to the IT team, and while they might need to sort out some of the technical aspects of getting the breach blocked and the system up and running, they are just one part of coping with the aftermath.
However, the company’s relationship with its customers, its suppliers and its reputation are all on the line following a data breach and these aspects need to be thought about in advance so there is a plan in place to deal with the corporate issues as effectively as the IT ones.
Solution: Have a management-led incident plan in place, should the worst happen, which clearly outlines all the steps to be taken in case of a breach, from reporting it, to communication with staff and customers. Hopefully you will never need it but it’s better to be prepared.
- Not having a business continuity plan
While a crisis plan deals with the actual breach incident, another mistake which companies often make is not thinking about how they would continue to run if their systems were compromised in any way.
If the IT team has to close off access to all company emails, data and other online systems, how is the business going to continue? It can take time to detect and resolve a data breach or virus problem, during which the company could end up losing a fortune.
Solution: A business continuity plan should be in place to outline exactly how everyone could continue to work in the aftermath of a cyber-attack. Having a remote back-up of all systems and information is a vital part of this continuity plan.
- Under-estimating the wider impact of a data breach
Unfortunately, many organisations have found out the hard way the enormous impact a breach can have. We have talked about the impact on the IT systems and on the business reputation, and most businesses don’t think beyond that.
However, any information that was stolen from your company can be used in ways that could damage the owner of that information, so a breach can leave a company liable for much more than most will have anticipated.
Solution: When planning for the aftermath of a potential incident, it’s important to assess the wide-ranging liability, including data breach fines, the potential for the information stolen to be used for blackmail, and claims against the company from customers. Over-estimating the impact will put the company in a much better place than not thinking about it all properly.