When it comes to business security pitfalls, “neglecting the basics” and “lack of documentation” seem to come up most frequently.
According to a study by eSecurity Planet, only 66% of companies worldwide consider themselves truly prepared for security hazards.
Most businesses aren’t even following the five key Cyber Essentials security practices laid out by the government, which include such basic things as installing anti-malware software or using a properly configured firewall.
At some point, one has to wonder if this is a case of consciously cutting corners or a simple lack of cyber security awareness on the part of business owners.
We won’t try to drive those points home even further. Instead, let’s focus on some aspects that even those with a modicum of preparation tend to overlook.
The 6 Business Security Pitfalls
1. Not Vetting Cloud Services
Information sharing and team interactions may have improved dramatically since the introduction of cloud services, but that does not mean businesses should rest easy. Cloud providers aren’t immune to cyber attacks.
Vetting your cloud storage and computing providers is crucial, and the same goes for any third-party networking business you might work with.
A company’s own security branch may vet the cloud vendors themselves, but you can rely on independent vetting sources for IT services to do a good job as well.
One relatively crucial cloud service quality not discussed in the article linked above is end-user convenience. More on that topic a bit later.
2. Not Truly Understanding Data Protection
As a business owner working in the modern landscape, you probably understand the need to comply with data regulations. GDPR, CCPA, and related legislation are in place to protect consumers. Sadly, failing to satisfy those demands will lead to huge financial fines as well as damaged reputations.
Data collection is still necessary when you want to improve your business services, but you must handle it safely and effectively. Understanding data de-identification and potential data de-anonymization is essential. From the processes to the repercussions of getting it wrong, a deeper knowledge of the situation will help you take the right precautions.
As well as protecting client data, you must protect your innovations and ideas. Otherwise, criminals and competitors could try to capitalize on them. Protecting intellectual property with copyrights and patents often gets overlooked by SMEs. Unfortunately, that oversight can harm your reputation and profits. Do not let this become a problem.
3. Allowing Personal Devices for Work
It is a costly investment to get business devices for your employees, especially if you’re just starting out. Small business owners may just allow home devices at work to curb some of those costs.
Not only that, but one Frost & Sullivan study says there’s a 34% increase in productivity simply from using personal devices. So it makes sense to allow a BYOD (bring your own device) policy, right?
Unfortunately, that may end up costing you thousands of times more than the price of a tablet or laptop.
While it’s true that annual savings could reach hundreds per employee, the risks of BYOD far outweigh the positives:
- For one, business security protocols need to be consistent across all devices working with sensitive data. This is difficult when everybody has different perspectives on privacy-invasive software and so on.
- Home devices could easily be lost or stolen, whereas work devices are (supposedly) stored securely.
- Even if your employees are specially trained, personal devices could easily fall into the hands of friends or family. If they’re not as careful, your company data could leak, or the device could become infected with malware, leading to more significant damage.
And speaking of untrained personnel…
4. Not Training Your Employees
According to Willis Towers Watson and ESI ThoughtLab, nearly 90% of executives see untrained staff as the weakest link in their organizations’ cyber security. “Better judgment” is fallible when it comes to dealing with online threats, so investing in proper training needs to be a top priority for business owners.
This doesn’t just include training to use in-house and out-sourced tools for an average day’s work. To save many headaches (and your bottom line), make sure to teach your entire company staff:
- How to recognize cyber threats such as phishing scams (which account for 90% of data breaches)
- The dangers of using social media at work, as well as of downloading unauthorized software (such as games), which could include viruses and other malware
- Safe Internet habits in general, as well as business security awareness for the physical side of things (keeping passwords on sticky-notes is not a safe practice)
While we’re on the subject of passwords and data breaches, let’s take a look at another easily-avoided threat to your company data.
5. Using Weak Passwords
You wouldn’t expect people to use “password” or “123456” as their password so close to 2020. Yet the National Cyber Security Centre (NCSC) discovered just that. Amongst compromised accounts, 123456 was still the most common culprit.
Now, this may not necessarily apply to businesses. In theory, workplace passwords should be considered more seriously than just those for home devices. But according to a report, 80% of hacking-related data breaches still happen due to people reusing old passwords or choosing improper, weak passwords in the first place.
On the other hand, remembering random strings of letters, numbers and special characters could pose a problem – especially if working with multiple accounts and devices.
So what’s the best solution that strikes a balance between business security and convenience? Well, the best password managers are only a click away, and many organizations need to look into them as a way to both create and store strong passwords offline, where they are less likely to be compromised.
6. Keeping Policies Too Strict
Judging by the points above, the average employee might believe it’s not worth working for such a strict company.
You don’t need a study to tell you that people simply want to do their job without their work speed being impaired by a myriad of procedures and protocols.
A phenomenon called “shadow IT” is a concrete example. Employees want to finish work faster, so they start using unauthorized applications at work.
As was the case with password managers, executives need to learn how to make things easier for employees without compromising on business security measures.
A simple rule to follow is this: The less people have to change the way they work, the less likely it is for them to circumvent business security best practices.
All of this can only lead to improved productivity and minimizing the “human component” of security loopholes.
7. Using a Centralized System
We recommend that your business switch to a decentralized system as soon as possible if you are worried about your cyber security.
This means researching how such systems work, looking into decentralized identities and so on, so that you can keep your business as safe as possible. A centralized system is more prone to cyber attacks and privacy breaches, but a decentralized system enables users to have better authority over their data.
You need to be able to have control of your business and the data, instead of risking your business online. If you still aren’t convinced, take a look at the average cost of a data breach lawsuit and then rethink the situation.