As a small business owner, securing your business and customer data is no doubt on your mind. You probably have an anti-virus, (may or may not) have good passwords in place and most of your data is in the cloud. Is that enough? You’re not sure. Does it matter? Probably not; you’re an unlikely target for a cyber-attack.
Think again. The threat is more real than you may realise.
2016 data from Symantec suggests that 43% of cyber-attacks are on businesses that are small and deemed to be more vulnerable. But it may not even be external sources that are your biggest risk. The reality is that even well-meaning employees can make mistakes or have the wrong information – and this too can cost your business dearly.
The concept of IT security – or cybersecurity – refers to protecting your data and your systems from theft, disruption and damage – whether malicious or accidental.
And while no business is immune to the threat of data loss and the business disruption that comes with it, staying informed is the first step in gaining control.
We get it, you’re busy working on your business. And you may trust that ‘the cloud’ is looking after all your data and cybersecurity issues. Here are some of the most common mistakes we see small business leaders make – if any of the below apply to you, you could be doing things better.
You rely on Office 365 for backups. You may think the cloud is the safest spot for all of your data storage, yet around 32% of cloud users report data loss. You may be able to retrieve lost files, though this is not always guaranteed. But even then they may not have the same file structure and usability as they did before.
You don’t take the time to update your software. Yes, it’s yet another task and it can easily fall by the wayside, but it is worth the effort. Windows 10 – as just one example – is much more secure than its predecessors. This is likely to also be true of your other software platforms.
You don’t take passwords seriously. Your systems are only as secure as your weakest password. So even if you do take yours seriously, can you be sure that the rest of your team does too?
IT security is not on your team’s agenda. When you on-board new staff or contractors, you may not have time to make security education a priority. As for your existing team, it is easy to assume that they already know this stuff.
There are so many elements of ‘cybersecurity’. It’s not just about having antivirus software in place, a strong password and cloud backups. That is just the tip of the security iceberg. And, given that many security issues are caused by human error, it’s critical that you look at all pieces of the puzzle, such as staff education and system updates.
We deal with customers every day who thought they were immune to data loss and regret not seeking help to put better processes in place. A customer using SharePoint got into a mess when someone tried to re-organise the file structure and, in the process, lost some data. In this case they were able to get it back but what they received was just a list of files, the entire file structure was gone, making it extremely difficult to use. Other customers have lost email history in Office 365, making litigation or disciplinary action – already unpleasant situations – much more complicated than they needed to be.
Then there is the ever-evolving concept of social engineering. Attackers are now using social media to research an organisation to better target them with legitimate looking emails or offers. They are able to learn about the company structure, suppliers they deal with and other information to fool people into clicking on to a malicious site (to freeze data or infect with a virus) or (increasingly) to transfer money. It’s tempting to think, ‘That would never happen to me’, but think again. We dealt with a professional services firm whose finance department transferred funds to a hacker, thanks to a well-crafted email referencing the right staff, project and customer details.
The good news is that when it comes to IT security, small steps can reap great rewards. The first step is recognising you are not immune and deciding to take control. We can help. We’ve created a simple, actionable checklist to help you start taking control of your IT and data security. Download our security checklist here or get in touch today.