With businesses today relying almost completely on virtual operations, defending your business against cyber-attacks is a business-critical task. The research firm Cybersecurity Ventures estimates that by 2021, the cost of cyber-crime will cross $6 trillion annually, worldwide. Whether your business employs 4, 40 or 400 people, you could be at risk from cyber-attacks: The National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year. Here are 10 common mistakes that businesses make that leave them vulnerable to cyber-attacks:
1. Weak Passwords
Weak passwords are easily hacked. Your company should have an IT policy which requires strong, complex passwords. This means passwords of at least eight characters with a combination of uppercase and lowercase letters, numbers and special characters. Users should be required to change their password after a certain period of time and previous passwords should not be re-used. Employees should be reminded never to write their passwords down and not to share them with anyone else.
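One way to enforce the policy above when a user changes their password, as an added example that is not part of the original article. The 30-day interval is the figure the article uses in its training section; the function names and the PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                    # "at least eight characters"
MAX_AGE = timedelta(days=30)      # rotation interval from the article's training section
PBKDF2_ROUNDS = 200_000           # assumed work factor, not stated in the article


def complexity_problems(password: str) -> list:
    """Return the complexity rules the candidate password fails."""
    checks = {
        f"shorter than {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
        "no uppercase letter": any(c.isupper() for c in password),
        "no lowercase letter": any(c.islower() for c in password),
        "no number": any(c.isdigit() for c in password),
        "no special character": any(c in string.punctuation for c in password),
    }
    return [problem for problem, ok in checks.items() if not ok]


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2 record, so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password: str, history: list) -> bool:
    """True if the candidate matches any stored (salt, digest) record."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def is_expired(last_changed: datetime, now: datetime) -> bool:
    """True once the password is older than the rotation interval."""
    return now - last_changed > MAX_AGE


def review_change(password: str, history: list) -> list:
    """All reasons to reject a proposed password (empty list means accept)."""
    problems = complexity_problems(password)
    if is_reused(password, history):
        problems.append("matches a previous password")
    return problems
```

The history holds only salted hashes, so checking for re-use does not require keeping old passwords in readable form.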
2. Poorly Trained Employees
One of the most important aspects of keeping your business safe is empowering your employees to use technology safely. Train them in company security policy: for example, creating strong passwords and changing them every 30 days. Remind them of the procedures for encrypting personal data. Employees should also be trained in recognising potential malicious links and phishing attacks.
3. Not Backing Up Data
Backing up your data in multiple places is crucial. Once you’ve identified the data that needs to be backed up, particularly sensitive data that could fall under GDPR or CCPA, you must implement backups regularly. If your business has already migrated to the cloud, backing up your data is not an onerous task. However, the cloud is still vulnerable to data loss or hacking so it is a good idea to have a local backup. The strongest protection comes from following the 3-2-1 rule: keep at least 3 copies of your data, store 2 backup copies on different storage media, with 1 of them being offsite.
4. No Acceptable Use Policy
Your business should have a strong acceptable use policy. You can set up permissions that limit what websites employees can access from company-issued devices. You can also detail what can and cannot be accessed from personal devices. Limiting administrative capabilities is also a good idea; not every employee needs to have access to all the information and data your business stores. The fewer people who have access to sensitive information, the smaller the risk of a data breach.
5. Unpatched Networks
If your networks are not patched, they can be exposed to new vulnerabilities which can be exploited by hackers. Taking the time to update your software means that you always have access to the newest, strongest security features available. Additionally, keeping your anti-virus software updated is critical to ensuring that you have the best technology protecting your business.
6. Public WiFi
With many people working remotely, it is difficult to ensure that everyone is using a safe and secure internet connection. Using public WiFi can be risky as hackers will exploit the lack of security. Employees should be using a secured home network and should never access sensitive company information from public WiFi networks.
7. No Firewall
A strong firewall is an important factor in cyber defence. A firewall is a network security device which monitors your network traffic and protects it from viruses and malicious code. It can also stop users from accessing certain external sites.
8. Unmonitored/Unmaintained Firewall
Having a firewall is all well and good, but, like any other device, it requires maintenance. A weak, unmonitored firewall isn’t much good. Your IT provider usually monitors and maintains your firewall as part of their regular, routine maintenance.
9. Phishing Emails
Phishing emails work, which is why they are used so frequently by cyber criminals. They work by getting you to click a link, download a virus or enter personal details. Over the years, hackers have become more and more professional, so their emails can look legitimate. Training employees to recognise a phishing attack is vital.
10. Social Engineering
Social engineering is when hackers pose as someone you know, or a trusted organisation, in order to gather personal details. It also works well, so remind your employees never to open an email that looks even slightly off and never to click links, or download attachments, unless they are 100% certain who sent them.
Cardonet can provide you with a comprehensive range of cyber security services to help you stay secure and, at the same time, help you demonstrate compliance with industry and regulatory standards.
If you are concerned about cyber attacks and how they could affect your business, call us on +44 203 034 2244 or +1 323 984 8908. Alternatively, you can contact us online. We will be happy to help you overcome your hotel IT challenges so that you can improve your guest experience and set your hotel apart. Cardonet have been working with businesses for the past twenty years to help them overcome their technological challenges. We have engineering bases in the United Kingdom, Europe and Southern California and our group of highly experienced engineers are available 24/7 to assist and ensure that your IT infrastructure is secure and running seamlessly.