It feels like we’re being warned about a new threat to our cyber security every day, doesn’t it?
That’s for good reason. Last year, ransomware attacks alone affected 81% of businesses.
And the cost of cyber-crime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’.
But we’re still seeing far too many businesses that aren’t taking this threat seriously. People often don’t realize that it’s not only their data they could lose if their company falls victim to a cyber-attack. The cost of remediation or mitigation alone can run into tens of thousands.
It is also crucial to keep in mind that you’ll suffer an average of 21 days of downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about.
That’s not to mention the loss of trust your clients have in you, which could lead to you losing their custom.
As a business owner, you have to take appropriate steps to keep your data safe and secure.
That most likely means adopting a layered approach to security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business.
This reduces your risk of being attacked and makes recovery easier should you fall victim.
It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).
No, the key to excellent cyber security is striking the right balance between protection and usability.
There are three mistakes that are most commonly made by businesses – they’re also some of the most dangerous mistakes to make.
Is your business making any of these?
Mistake 1) Not restricting access.
Different employees have different needs when accessing company files and applications. If you allow everyone access to everything, it opens up your entire network to criminals.
You should also change access rights when someone changes roles and revoke them when they leave.
Mistake 2) Allowing lateral movement.
Cyber criminals gaining access to a computer used by a member of your admin team in itself might not be a disaster. But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account?
This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems.
If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.
Scary stuff.
One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another. With no physical link to the outside world, your computers and/or network are prevented from making external connections. Security guaranteed, in theory. But it is not a very usable strategy.
A more practical strategy approach is the implementation of multi-factor authentication for access to internal systems, applications, and even data and event monitoring detection. Detecting threats, compromised account activity as well as insider privilege misuse and abuse goes a long way in preventing unwanted lateral movement.
Mistake 3) Not planning and protecting.
Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place. And will be back on their feet faster if the worst does happen.
You should also have an up-to-date plan that details what to do should an attack happen, as this will significantly shorten the time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.
If you know you’re making one (two, or even three) of these mistakes in your business, and you’re unsure how to find the right balance between security for your network and productivity for your team, let’s schedule some time to talk.
No obligations, no strings attached, just 15 minutes of your time to help you get started.