We all often assume, and we have all often said, ‘that won’t happen to us’, but in the realm of cyber security we should assume that we WILL be the next business to be affected.
Here we share our top 5 Myths, Misconceptions & Mistakes that we have stumbled across when working with our clients.
1. We’re too small to be a target
In our experience, smaller companies are usually less protected than larger companies, often with less robust security procedures in place. In an SME, reputation is key; don’t fall victim and lose a positive public image – get secure!
2. My antivirus will keep me protected
We hear this statement time and time again, but did you know that many modern threats are file-less, bypassing traditional AV detection? Cyber-attacks are becoming more complex and sophisticated on a weekly basis; you cannot rely solely on antivirus to keep your business cyber secure. We have found in several cases that antivirus protection has often been out of date. Antivirus relies on frequently updated pattern files, and if this is not consistently and pro-actively managed, it can’t even stop the types of threats it is designed to!
3. My data is safe, it’s in the cloud
Cloud storage solutions and cloud applications are proving a hugely popular choice for organisations, and we have on many occasions found that cloud security is often overlooked. Cloud services operate a “shared security model”, and cloud set-up is often implemented poorly with little or no control or process. The configuration of cloud systems is YOUR responsibility and needs pro-active management; a standard configuration does not mean you are automatically fully cyber secure.
4. It’s my IT department’s/provider’s responsibility
Everyone within an organisation has a responsibility when it comes to Cyber Security. We all have a role to play to ensure our business is safe, starting with strong passwords through to securely processing sensitive data.
Ensuring that all stakeholders across the business are actively engaged is ultimately the responsibility of business leaders, who need to ensure employees are in receipt of regular training, have access to clear policies and have access to tools such as password manager applications to simplify their security responsibilities. Ensuring employees have knowledge and understanding is key to actively engaging the workforce to be cyber secure.
5. We’re compliant, so we’re secure
An organisation may be compliant with a particular standard; however, compliance does not necessarily mean that you are secure from threats. It is also a “point in time” measure. A business that is compliant today may not be tomorrow.
A number of standards are available, but they differ depending on your business type and size. With various standards available, you will need to undertake due diligence to establish which standard is most suited to your business, be it Cyber Essentials, Cyber Essentials Plus or ISO27001, for example. Your careful research into the most appropriate framework will reap rewards in the longer term. Compliance is an ongoing process that needs careful planning and consideration as part of your business continuity plans, and seeking help from a specialist to decide can be an investment well worth making.