Are you making these cyber security mistakes?
Every day there is a new warning about a threat to cyber security, that’s how it feels. Every week we are writing a new blog or recording a new video.
But it is for a Really good reason. In the last 12 months, Cyber Attacks went up, with ransomware attacks affecting 73% of UK businesses.
By 2025, Cyber-crime is being estimated to hit $10.5, trillion (that’s £8.4 trillion), Globally. That’s up from $6 Trillion last year, according to the ‘2022 Cybersecurity Almanac’
The unfortunate thing is that we’re still seeing too many businesses that won’t taking this threat seriously.
It’s not just your data that you could lose, it is the cost of remediation or mitigation that can run into tens of thousands of £££, when you fall victim to a Cyber Attack. It is now a case of when, not if.
After that, it is also the downtime you will suffer. The average for this is 21 days of downtime after an attack. That’s 21 days where you cannot use any of your Business Tech, possibly some personal tech as well. That’s 21 days without doing any billing or payments, and 21 days worth of overtime to pay to catch up.
That’s not to mention the loss of trust and reputation with your clients, which could lead to you losing their business
It is so important that your business looks at the steps it is taking, and what it should be taking to keep you data safe and secure.
This is going to mean a layered approach to your cyber security. Cyber Security is very much like and onion, where different tools are used for different purposes. These different tools work together, giving you an appropriate level of security for your business.
This also reduces the chances of you being attacked, or an attack getting through. But if you do suffer an attack, you will be able to recover.
As with any security, you will never be able to achieve 100% protection. Not without locking totally every system and removing the internet. That’s going to make doing business really difficult. Plus your team is likely to try and find a way around the security, making you a bigger target.
The key to excellent cyber security is striking the right balance between protection and productivity.
There are three easy mistakes that are by business owners, or businesses – they’re also some of the most dangerous mistakes to be making.
Are you making any?
Mistake 1) Not restricting access
Each job role and purpose for an employee will need a different level of access. Allowing everyone the same access, even if there is only 2 of you, can leave you network open to Criminals
You should also make sure to change access rights when someone changes roles, and revoke them when they leave.
Mistake 2) Allowing lateral movement
Getting access to a team members computer, may not spell the end of the world. But what if they can access this, and then get to your CRM? Or worse on to the users Email account?
This is known as lateral movement. By gaining access to one system, the criminals can then work their way into other, more sensitive systems.
By moving systems, they can access the email of someone who has admin rights, or worse still the company bank account access, and start resetting passwords and stopping people getting access
One defence against lateral movement is air gapping. There is no direct access from one part of your network to another.
Mistake 3) Not planning and protecting
Businesses that work closely with an IT partner to prepare and protect are less likely to be attacked in the first place. Plus will be back up and running faster, if the worst does happen and they get attacked
Having an up-to-date plan in place that details what to do should an attack happen, is a must. And it should be tested regularly, as well as updated with new information.
By doing this, it will massively reduce the time it takes to respond to an incident. It means you will reduce the time, cost and amount of the data being lost.
If you think or know you’re making one (two, or even three) of these, you need to act quickly. We can help.
Call us, and we can go over the current set up and make some recommendations.