Being warned about a new threat to our cyber security feels like a daily occurrence, doesn’t it?
That is for good reason: ransomware attacks alone affected 73% of UK businesses last year.
According to the ‘2022 Cybersecurity Almanac’, the cost of cyber-crime is estimated to hit £8 trillion by 2025.
Even with those eye-watering statistics, we are still seeing far too many businesses that aren’t taking this threat seriously.
If your company falls victim to a cyber-attack, it isn’t just data that you could lose. The cost of remediation or mitigation can run into tens of thousands of pounds.
And just in case that wasn’t sufficient, you will also suffer an average of 21 days of downtime after a cyber-attack. Now just imagine that: 21 days without being able to use all your business technology as normal. It just isn’t worth thinking about!
The one impact that we haven’t mentioned yet is the loss of trust your clients have in you, which could lead to you losing their custom.
You may have realised that it is really important that your business is taking the appropriate steps to keep your data safe and secure, and we cannot emphasise that enough.
That most likely means a layered approach to your security. This is where several solutions are used, working together to give you a level of protection that is appropriate for your business.
This will reduce your risk of being attacked and make recovery easier should you fall victim.
At this point it is worth mentioning that you will never be able to keep your business 100% protected from cyber-attacks, not without totally locking down every workstation to the point where it becomes difficult to do business (potentially leading to your staff constantly looking for ways around the enhanced security).
The key to excellent cyber security is striking the right balance between protection and usability. You don’t want super easy usability at the expense of cyber security, but at the same time, you don’t want security like Fort Knox at the expense of usability.
There are three main mistakes that businesses make, and they are also some of the most dangerous, leaving your business vulnerable.
- Not restricting access
Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything, it opens up your entire network to criminals.
You should also make sure to change access rights when someone changes roles, and revoke them when they leave.
- Allowing lateral movement
If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster. But what if they could move from your admin system to your invoicing system, and from there to your CRM, and then into someone’s email account?
This is known as lateral movement.
If they can get into the email account of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.
Scary stuff!
One strategy against this is called air gapping. It basically means that there is no direct access from one part of your network to another.
- Not planning and protecting
Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place, and will be back on their feet faster if the worst were to happen.
You should always have an up-to-date plan that details what to do, should an attack happen. This will significantly shorten the amount of time it takes to respond to an attack. That means you will limit your data loss and the cost of putting things right again.
If you know you are making one, two or even three of these mistakes in your business, you need to act quickly. We can help.
Book your 15-minute consultation below and we can begin reviewing your security arrangements.