Every single day, I learn about more cyberattacks. They’re in the news. They’re happening to our clients. Sometimes people are even trying to attack us. And I keep wondering to myself – what is it that we can do to stop this barrage.
The fact is the cyber attacks are a reality that we have to learn to deal with. They’re not going anywhere, and they’re not slowing down. If anything, attacks are ramping up and becoming more and more sophisticated. So what protection do we have against them?
The answer lies in cybersecurity.
I talk about cybersecurity so often that sometimes I have to take a step back and realise that not everyone has a cyber security definition at hand. So what is it, and why does it need to be a priority for your business?
Cyber security is all about the actions that your business takes to protect itself in a digital world. It’s an overarching term that encompasses a wide range of IT security techniques and best practices. There’s email security which protects your communications, but also does so much more. Compromised emails, after all, can provide attackers with further access to your business data and client base, further compromising your information security as well. There’s network and device security, which protect your humans and their phones, laptops and computers, but can also prevent unauthorised access to your files and data.
Because cybersecurity is such a broad term, the list of what it includes goes on and on. But the real question is, why is it so very important for businesses to up their cybersecurity game?
The Importance Of Security In A Digitised World
The importance of security in general is obvious for businesses. It protects their investments and assets, protects their reputation, and can result in significant financial strain if ignored. It’s why businesses take our insurance, put alarm systems in their offices, and carefully vet new staff members to ensure that they don’t pose a threat to their security.
But in today’s modern world, physical security measures are not enough. Just about every business in the world has a digital footprint that they need to protect. It can be made up of devices that need to be secured against viruses, malware and ransomware. It can include information – from data about inventory, to intellectual property, to personally identifiable information about yourself, your employees and your customers – which needs to be protected against data breaches. It can be online platforms and apps that your business uses and that are critical to your operations, all of which need to be protected against cyberattacks.
Because the business world has gone digital, a single cyberattack has the potential to cause more damage than a break in or robbery at your office would ever manage. This is why cybersecurity is a critical area that businesses need to address. And yet, even businesses who recognise this, who know that they need to be protecting their data, devices and digital assets, still fall victim to cybersecurity gaps.
5 Common Cybersecurity Gaps to Address in Your Business
When most business think of cybersecurity, they think of anti-viruses, of tools that they can use to protect their devices, login credentials and more. But there are five common cybersecurity defensive gaps that most businesses don’t think about, or even realise are problems that need to be addressed. And any cyber defence gap can be an entry point for an attacker to take advantage of.
1. Human Error
You may think that I’m talking about internal IT threats here – those employees who intentionally sabotage your business. But in reality, 95% of cybersecurity breaches are caused by human error according to IBM.
A simple mistake like clicking on the wrong link in a seemingly legitimate email, or sending a mail without double checking the sender, or downloading an attachment that turns out to be malware, can result in a cyberattack that costs your company millions of Rands (or hundreds of thousands of pounds). After all, the average cost of a single attack for a small business is reported to be $200,000 (which is the equivalent of over R3 million, or over £150,000).
2. Bad Online Habits
These can range from using the same passwords in multiple login credentials, to sharing personal details publicly across social media platforms, to logging onto public wireless networks without protecting yourself through a VPN.
Bad online habits are easy to form, and it’s easy to think that since they are personal habits, rather than professional ones, they won’t have an impact on your business. But these bad habits can make you and your teams vulnerable to various types of cyber security threats, like password hacking, social engineering, and man in the middle attacks.
3. Thinking They’re Too Small A Target
Why would an attacker want to target you? You’re a small business – small fry compared to companies like banks and financial institutions. They’re the ones who will see an attacker getting a big pay-day.
What really happens though is that large businesses have the budget to allocate to cybersecurity, and protect themselves as far as possible. Small businesses, on the other hand, are often targeted because they are unlikely to have cybersecurity measures in place, or be as strict about them. They may offer smaller pay-outs for cyber attackers, but when those attackers target multiple small businesses who are unprotected, those smaller amounts quickly add up.
4. Thinking New Technologies Will Fix Everything
It’s a natural impulse. You know that there is a problem that needs to be fixed – your cybersecurity needs to be improved. There are plenty of apps and technologies out there that claim to be the one fix for all of your cybersecurity woes. It could be Defender for Microsoft 365, or a new antivirus, or Multi-Factor Authentication (MFA), or any number of other security solutions. So you implement them all, expecting that they will solve the problem.
But without fully understanding the technologies that you’re implementing, or properly maintaining them, each piece of technology that you add to your tech stack actually increases the vulnerabilities that your business faces. Even excellent solutions, as Defender and MFA are, need to be incorporated into your existing technologies and managed, updated and maintained regularly to effectively protect your business.
5. Providing Too Much Access
You want to make sure that your team members have access to the information that they need to do their jobs. And in a world where remote working is becoming ever more popular, you want to make sure that’s the case no matter where they may be working from, or which device they may be using.
The simplest solution, of course, would be to provide every one of your employees with access to all the files, documents, apps and data that your company uses, and to remove restrictions on which devices can access them. The trouble with this is that it then provides an open door for attackers to intercept. Providing the right amount of access to the right people is a careful balance, and one that is critical to your business IT security.
How Can You Fill These Cybersecurity Gaps?
Just because cybersecurity gaps exist, does not mean that your company has to be vulnerable to them. Just recognising that there are areas where your cybersecurity can be improved is a great first step. But what is the best way to fill the gap for each of these issues? The good news is that each of the problems has a relatively simple solution for how to close the gap and ensure that your business is as protected as possible. Let’s look at some cyber security tips for keeping your company secure against threats:
This is the number one solution that so many companies underestimate, not just when it comes to cybersecurity, but for technology adoption, understanding and implementing best practices, and so many other areas that are critical to your business’ success.
Regularly training your teams in how to detect and avoid cyberthreats can be the difference between a phishing email being caught and deleted without any action needing to be taken, and falling victim to a ransomware attack that cripples your operations. And you may have noticed the word ‘regularly’ there. It’s important that training isn’t just seen as a once-off initiative.
With every team member that joins your company, you should be conducting training. In fact, you should conduct training every few months, as the threats to your business are constantly shifting, changing and advancing, and what might have been considered best practice at the start of January, could be ill advised by the end of December.
2. Cyber Hygiene Practices
In the same way that person hygiene means taking steps every day to maintain your health and wellbeing, cyber hygiene involves making simple changes to your routines that see you and your teams protecting yourselves and your business.
Good cyber hygiene practices range from protecting your passwords and upping your email security, to backing up your files on a regular basis, to keeping your antivirus up to date and personalising your router’s settings.
We’ve even put together checklists for personal cyber hygiene practices that you and your employees can implement, and business cyber hygiene practices that your company should be putting in place to protect itself.
3. Disaster Recovery Planning
Because the threats to your business regularly shift and change, you’ll likely find that there will always be some cybersecurity gaps in your protection strategy. But there are also ways to protect business and your data, so that even if an attacker does find a gap in your defences, you will still be protected.
Having a Disaster Recovery Plan (DRP) is one of those defences that your business can put in place, so that even if an attack does occur, its impact is minimised. A good DRP includes maintaining backups that can easily be restored in case of an attack, assigning roles to team members so that the responsibilities for recovery are understood and efficiently managed, and having a communication strategy to ensure that the impact for your clients (and for your reputation) is minimised.
Want to learn more about what should be on your Disaster Recovery checklist? Check out our blog.
4. Strategic Technology Planning
Implementing new technologies is not always the right solution. As I mentioned earlier, each piece of technology adds to your business’ risk. This is why it’s important to take a step back and look at your technologies as a whole – what they add to your business, where vulnerabilities lie, where training and adoption is needed, and where implementing new technologies will help your business to optimise cybersecurity and to grow.
Strategic technology planning is about more than just taking new tech onboard. It’s about performing an IT audit that looks at your business in its entirety and every piece of technology that you’re using. When done right, it will include a plan for upgrading and maintaining your existing systems, as well as introducing the right new technology solutions, all within your budget at a predictable monthly cost.
5. Identity And Access Management
Making sure that the right people have the right access without compromising on your security does not have to be an all-or-nothing scenario. Identity and Access Management (IAM) tools help you to not only assign permissions to your team members, but to set up alerts when team members who do not have the necessary permissions try to access files. You can even assign permissions to groups, making it quick and easy to add new team members, and to remove access when an employee leaves your company.
How Can Solid Systems Help
At Solid Systems, we have decades of experience in helping businesses to protect themselves against growing threats. Whether we’re implementing world-class technologies, helping companies to adopt MFA across their businesses, conducting regular team training sessions, onboarding and offboarding devices to ensure endpoint security, or any of a hundred other small steps that we take to bridge cybersecurity gaps, when you work with Solid Systems, you can rest at ease, knowing that your IT is in the right hands. If you’re ready to put cybersecurity first, get in touch with us today, or book a consult to go through any cybersecurity gaps that your company may be experiencing.