A post by Carla Lopez

Small and mid-size businesses are primary targets of cyber-attacks as unlike large corporations, they often do not have sophisticated security systems in place. Additionally, by attacking a small/midsize business, hackers can gain access to a large network of data which includes personal information, bank details, and passwords of suppliers, clients, and partners of the business. As reported by GOV.UK, two out of five businesses in the country were impacted by a cyberattack in the last 12 months. To tackle the increased risk of cyberattacks, this post by Fight Back Ninja explores four common security mistakes to avoid and the best practices to safeguard your business.

Mistake 1: Not Having Trained Cybersecurity Professionals

Cybersecurity for your personal device is entirely different compared to a business. While an antivirus plus malware protection software will suffice for your laptop, business machines and servers need multiple layers of security. This can include a firewall, anti-malware software, backup services, data encryption, system monitoring, and more.

As with any important business function, the responsibility of cybersecurity should be delegated to professionals. You can either hire professionals in-house or outsource it to an agency. Hiring multiple professionals can be costly compared to an agency but will make supervision easier. Regardless of your choice, the business will be in much safer hands with the involvement of professionals.

Mistake 2: Not Keeping Software Up To Date

Whether it be third-party software used for marketing, finance, sales-related activities, or the operating system, developers periodically release new versions that should be installed promptly. Updates are often released to patch security bugs and include new features. Using older versions of software exposes you to the risk of cyberattacks. By exploiting security bugs hackers can gain easy access to your data and reduce the chances of detection by the security system.

While hacking a third-party software may not compromise your entire system, hackers can still steal valuable customer and supplier data. To avoid this predicament, enable the option of auto-update for all software. Additionally, periodically check for newer versions of your operating system and ensure it is applied to all machines in the office.

Mistake 3: Not Password Protecting Documents

Daily, various stakeholders of your business will share documents through email, messaging applications, or other online mediums. As mentioned in the previous point, hackers can steal your data by targeting third-party software (including email as well). However, you can safeguard documents with sensitive information by converting them into password-protected documents.

For instance, if you’ve created a PowerPoint regarding the company’s financials, performance, and supplier partnerships, before sharing it digitally, convert your PPT to a PDF that can be password protected. This way only individuals who know the password can view the document.

Oftentimes, only the owner retains the right to make alterations to the PDF, reducing the risk of important documents being tampered with. As a best practice, instruct all employees to always convert documents into password-protected PDFs before sharing.

Mistake 4: Not Having Data Back-Ups

As reported by Data Bacisx, the average remediation cost of a cyberattack in the UK is $840,000. This can include the ransom companies deciding to pay hackers and the costs of rebuilding the business. However, paying the ransom never guarantees that you’ll get your data back. Hackers do not work on goodwill and use ransomware attacks to trap businesses in a vicious system of extorting money. One of the reasons businesses may agree to pay a ransom is because they do not have a backup.

Not having a backup puts your business at grave risk. Along with cyberattacks, natural disasters, server malfunctions, human error, and other foreseen events can lead to data loss, causing major financial damage to a business. Hence, it is important to create a data backup policy on priority. This can include creating a secure server not connected to primary servers used by the business, having a weekly automatic backup schedule, periodically running recovery exercises to check data integrity, and having a recovery plan for cyber attacks.

Avoiding these four mistakes will significantly reduce the threat of cyberattacks, and safeguard the long-term health of your business.