Executive Summary
- Cyberattacks are on the rise in the UK, and managing a breach can cost a business millions in time and money.
- Many businesses have the basic steps in place to mitigate against cyberattacks, but could your business be doing more?
- In this article, we cover 5 less common risk factors for UK businesses to consider – including outdated software, insufficient cybersecurity policies, and the biggest risk of them all: the human element.
Introduction
How much do you think a data breach would cost your business?
According to the 2020 edition of the Cost of a Data Breach Report, conducted by the Ponemon Institute, cybersecurity attacks cost an average business around £2.78 million to resolve.
But it’s not just the financial cost that businesses need to count – it’s the amount of time to resolve the breach, too. And, according to that same report, which surveyed over 500 businesses across the world, it took – on average – 280 days to identify and contain a cybersecurity breach.
So how can you stop your business becoming a statistic? We’ve already covered a lot with our Cyber Essentials Checklist, but some risk factors aren’t so obvious. With that in mind, here are 5 considerations you should bear in mind when optimising your company’s cybersecurity measures.
#1: Old versions of software or operating systems
If you’re a regular at the Get Support blog, you’ll know we’re no strangers to the risks of malware.
Malware can find its way into your network via various channels, but one of the most common is outdated software or operating systems. Once software like this goes “end-of-life” and is no longer supported, it’s often a matter of time before cyberattackers find holes and exploit them. And, because the software isn’t supported any longer, the holes are often never patched up.
So, if you’re still using your “old reliable” Windows XP machine… it’s time to say goodbye.
#2: Lack of proper password hygiene measures
You might start to notice a theme in these risk factors: a lot of them hinge on human error. We’ve said it before, but it bears repeating: even the most sophisticated security system in the world will be powerless in the face of a single mistake.
And one of the biggest mistakes we make is password management.
The truth is that the path of least resistance is usually the one we take, and that means reusing passwords is much more common than you think. Even using easily guessed passwords like “password123” happens all the time.
All of this falls under the umbrella of “password hygiene” and it’s a risk factor you can mitigate with a little bit of training or even the use of a dedicated password manager.
#3: An overworked in-house IT support team
Let’s face it: we can all get a little frazzled sometimes at work.
It’s only natural. But what happens when a sole member of staff suffers from burnout? Say, for example, your dedicated IT support person?
Whether they need to take time off or are simply overworked, mistakes and potential security holes become much more likely in these scenarios.
If your business is entirely reliant on just a single person for your whole IT support operation, you should definitely consider bringing in overflow support – like one of our IT support agreements.
#4: Sensitive data that’s far too accessible
Ever heard of employees accidentally stumbling across payroll documents or other info they shouldn’t really be seeing?
It happens a lot, and it’s something that’s really easy to manage with a few additional user policies in place. If you don’t have any form of user or group policies implemented, it’s likely that any of your employees can access any of the files on your company’s server or in the cloud. And while we’re sure you trust all of your employees implicitly, it still represents a potential cybersecurity risk, and it makes sense to keep certain data on a “need to know” basis.
Luckily, if you’re using Microsoft 365 Azure AD, or a local instance of Active Directory, you’ve got plenty of options for adjusting the permissions of your users. Not sure where to start? Get in touch with our team and we’ll give you a primer on how to get the most out of your Azure / AD installation.
#5: Accidental loss or sharing of data
Remember when top secret government documents were left on a train, potentially compromising national security?
That’s an excellent example of how easy it is for human error to cause enormous security risks, and the same goes for your company’s cybersecurity.
If your team are using laptops with sensitive business data stored on them, or even using their mobile phones for the same purpose, the risk of data being lost or accidentally shared is ever-present.
How do you mitigate this risk? There are a few different options, but we’d recommend making use of modern encryption tools, which are available for most devices including desktops, laptops, and even mobile phones. If you’re unfamiliar with encryption, don’t worry – we have a complete Plain English Guide on this very topic.
Need an extra layer of security on top of your encryption? You have options there, too, including advanced tools like Microsoft Intune.
Give your business an IT support health-check with Get Support
If you recognise any of the risk factors above as something you’ve seen – or continue to see – in your business, don’t worry. While it’s important to address each of these risk factors to mitigate the chances of a security breach, help is at hand.
At Get Support, we’ve spent decades helping UK-based small and medium-sized businesses build robust cybersecurity measures into their everyday operations. This includes everything from assisting with Cyber Essentials advice to deploying full cybersecurity mitigation platforms.
To learn more about how we could help your business toughen up its cybersecurity, call us today on 01865 59 4000 or drop your details into the form below.