An article in BRINK has revealed the most common cyber security mistakes businesses make and how to avoid them.
Just as one-size-fits-all clothing does not quite ‘fit’, there isn’t a perfect one-size-fits-all cyber risk plan for businesses either. There are, however, core security principles every business should uphold.
If your business has its head in the sand when it comes to cyber security, take note. These are the four most common mistakes businesses make when trying to protect themselves, and how you can avoid them.
Mistake #1: Assuming you’re not a target
Regardless of location, whether large or small, almost every industry is vulnerable to attacks. Often, however, it is only big well-known businesses that make the headlines. As a result, businesses who do not handle large quantities of data often believe they are not a desirable target for cyber attacks. In reality, criminals are conducting assault campaigns in every sector. They are trying to penetrate your networks, accessing your information and assets. All businesses will have something of value, including yours. After all, you are in business, and customers are buying what you have.
Solution #1: Take the risk seriously. Address cyber security as a business priority. Have professionals conduct penetration tests. Identify vulnerabilities in your businesses technology, people and processes. This way you can build stronger defences.
Mistake #2: Approaching security as just an IT issue
You might think your IT technicians are ultimately accountable, but everyone in your business has a responsibility to protect your business’s core assets. Technology plays a part of your business solution, but it is not all of the solution.
Solution #2: Focus not only on protecting personally identifiable information (PII) but also on guarding intellectual property, trade secrets, research and development. A cyber attack could affect your financial position, reputation and operations. Put clear policies and processes in place. Help your business and employees respond effectively should a cyber attack happen.
Teach your whole business—from the top to the bottom—how to identify, prevent and recover from attacks.
Mistake #3: Neglecting to understand and update your network
Businesses will never be able to prevent every attack; there are too many opportunities to get in. Nevertheless, failing to understand your network and keeping your software updated opens the door for an attack with little-to-no resistance.
Solution #3: Those responsible for your IT solutions must implement strong protocols to ensure all software is valid. The business must know where its critical data is held, how big the network is and where the access points are. A business continuity plan can be critical to your businesses survival. Have a checklist of actions in order to ensure expedience in dealing with any incident.
Mistake #4: Relying solely on anti-virus technologies
In today’s threat landscape, anti-virus technologies alone are not enough to prevent persistent and complex attacks. Hackers evolve their methods faster than security companies can update their tools. What is compounding the challenge is that attackers increasingly employ malware-free intrusion tactics. In fact, less than 40 percent of attacks today involve malware. You cannot rely on security at the perimeter alone to keep your business safe.
Solution #4: Anti-virus software is still useful and must be current. However, responding only to threats that have already been identified is a bad move. Imagine being a supermarket security guard who lets a thief come in because the police have not released a description of a robbery suspect yet. A good security guard knows to look for suspicious activity, regardless of the information to hand. Traditional anti-virus solutions can catch run-of-the-mill malware. However, they are no match for attackers going in with stealthy intrusion tactics. Businesses need solutions that identify threats and the effects of the attack, even if there are no known signatures.
Cyber security does not happen in a vacuum. An all encompassing business plan gives you the best chance at raising the bar on security and keeping the bad guys at bay. Cyber defense tactics and tools cannot remain static. They must be tested, improved and evaluated on a regular basis. Cyber attacks are a threat that has continued to evolve. This means businesses must learn to evolve faster if they are to outsmart the enemy.
Jelf is part of Marsh & McLennan Companies. BRINK combines knowledge and expertise from across Marsh & McLennan and is managed by Atlantic Media Strategies, the digital consultancy of The Atlantic. The content is subject to BRINK’s Terms and Conditions of Use.