When it comes to business security pitfalls, “neglecting the basics” and “lack of documentation” seem to come up most frequently.
According to a study by eSecurity Planet, only 66% of companies worldwide consider themselves truly prepared for security hazards.
Most businesses aren’t even following the five key Cyber Essentials security practices laid out by the government, which include such basic things as installing anti-malware software or using a properly configured firewall.
At some point, one has to wonder if this is a case of consciously cutting corners or a simple lack of cyber security awareness on the part of business owners.
We won’t try to drive those points home even further. Instead, let’s focus on some aspects that even those with a modicum of preparation tend to overlook.
The 5 Business Security Pitfalls
1. Not Vetting Cloud Services
Information sharing and team interactions may have improved dramatically since the introduction of cloud services, but that does not mean businesses should rest easy. Cloud providers aren’t immune to cyber attacks.
Vetting your cloud storage and computing providers is crucial, and the same goes for any third-party networking business you might work with.
A company’s own security branch may vet the cloud vendors themselves, but you can rely on independent vetting sources for IT services to do a good job as well.
One relatively crucial cloud service quality not discussed in the article linked above is end-user convenience. More on that topic a bit later.
2. Allowing Personal Devices for Work
It is a costly investment to get business devices for your employees, especially if you’re just starting out. Small business owners may just allow home devices at work to curb some of those costs.
Not only that, but one Frost & Sullivan study says there’s a 34% increase in productivity simply from using personal devices. So it makes sense to allow a BYOD (bring your own device) policy, right?
Unfortunately, that may end up costing you thousands of times more than the price of a tablet or laptop.
While it’s true that annual savings could reach hundreds per employee, the risks of BYOD far outweigh the positives:
- For one, business security protocols need to be consistent across all devices working with sensitive data. This is difficult when everybody has different perspectives on privacy-invasive software and so on.
- Home devices could easily be lost or stolen, whereas work devices are (supposedly) stored securely.
- Even if your employees are specially trained, personal devices could easily fall into the hands of friends or family. If they’re not as careful, your company data could leak, or the device could become infected with malware, leading to more significant damage.
And speaking of untrained personnel…
3. Not Training Your Employees
According to Willis Towers Watson and ESI ThoughtLab, nearly 90% of executives see untrained staff as the weakest link in their organizations’ cyber security. “Better judgment” is fallible when it comes to dealing with online threats, so investing in proper training needs to be a top priority for business owners.
This doesn’t just include training to use in-house and out-sourced tools for an average day’s work. To save many headaches (and your bottom line), make sure to teach your entire company staff:
- How to recognize cyber threats such as phishing scams (which account for 90% of data breaches)
- The dangers of using social media at work, as well as downloading unauthorized software (such as games), which could include viruses and other malware
- Safe Internet habits in general, as well as business security awareness for the physical side of things (keeping passwords on sticky-notes is not a safe practice)
While we’re on the subject of passwords and data breaches, let’s take a look at another easily-avoided threat to your company data.
4. Using Weak Passwords
You wouldn’t expect people to use “password” or “123456” as their password so close to 2020. Yet the National Cyber Security Centre (NCSC) discovered just that. Amongst compromised accounts, 123456 was still the most common culprit.
Now, this may not necessarily apply to businesses. In theory, workplace passwords should be taken more seriously than those for home devices. But according to a report, 80% of hacking-related data breaches still happen due to people reusing old passwords or choosing improper, weak passwords in the first place.
On the other hand, remembering random strings of letters, numbers and special characters could pose a problem – especially if working with multiple accounts and devices.
So what’s the best solution that strikes a balance between business security and convenience? Well, the best password managers are only a click away, and many organizations need to look into them as a way to both create and store strong passwords offline, where they are less likely to be compromised.
5. Keeping Policies Too Strict
Judging by the points above, the average employee might believe it’s not worth working for such a strict company.
You don’t need a study to tell you that people simply want to do their job without their work speed being impaired by a myriad of procedures and protocols.
A phenomenon called “shadow IT” is a concrete example. Employees want to finish work faster, so they start using unauthorized applications at work.
As was the case with password managers, executives need to learn how to make things easier for employees without compromising on business security measures.
A simple rule to follow is this: The less people have to change the way they work, the less likely it is for them to circumvent business security best practices.
All of this can only lead to improved productivity and a smaller “human component” of security loopholes.