A good understanding of cyber security is a necessity for all businesses — but with so much advice out there, how can Gloucestershire businesses separate the ‘must-dos’ from the myths?
SoGlos debunks those common cyber myths to bring Gloucestershire businesses the facts, not fiction, when it comes to protecting your IT systems...
Small or medium-sized businesses are not the targets of cyber criminals
‘We are too small — nobody would be interested in what we do’ is a common refrain from many small and medium-sized firms when asked about their cyber security.
Experts will tell you quite the opposite. Smaller businesses often lack the sophisticated software or security team of big firms, making them an easier target for cyber criminals. It's vital that SMEs learn the basics of cyber security and protect their IT systems.
We have strong enough passwords already
If you think your business has strong enough passwords and these alone will deter cyber criminals, think again. Experts now advise on ensuring you have two-factor authentication. That means a password and a second ‘identifier’.
Likewise, a single password is not enough to keep a WIFI network secure. Good security is the sum of its parts. At a minimum, staff should use virtual private networks (VPNs) to secure their connections.
We have never been attacked before
If you presume that your business has never been attacked because your security is so good, it's more likely that you've just been lucky so far.
Cyber attacks are becoming increasingly sophisticated, meaning businesses must develop a strategy that allows them to react quickly to a security incident, mitigate any damage before it becomes significant and learn from it.
We meet all the industry regulations
While keeping up with industry regulations is necessary for your reputation and your security, you shouldn't benchmark yourself against them as a measure of how good your security is.
They often only make up the bare minimum of what your business should be doing to stay cyber secure. Carefully consider whether regulations cover the scope of your data and critical systems.
It's our IT department’s responsibility
Don’t put all the responsibility for your business’s cyber security on your IT department.
While the IT department will have the lion’s share of the responsibility, everyone in a business should play their part — not just to detect and deter, but to report any suspected breaches, too.
We only need to worry about keeping internet-facing applications secure
Securing internet-facing applications is a must, but they should not be the only focus for your business.
If one of your staff uses a flash drive which contains hidden malware or plugs in a phone or laptop usually used for personal use, your organisation could face threats. Having a multi-layered approach to security and educating staff is all-important.
Our security provider has it under control
As good as you might think your third-party security provider is, they are not on their own.
It is crucial that every business seeks to understand the security risks, develops policies and practices to keep it safe, implements them and reviews them regularly.
Our anti-virus and anti-malware software will protect us
If you don't have anti-virus and anti-malware software installed already, then you should get some straight away — but don't rely on that alone to keep your business safe. It won't protect your IT from every cyber risk.
A comprehensive cyber security plan must also include response plans and employee training — and this must be ongoing, with risks changing all the time.
We've got it covered and are completely safe
Achieving good cyber security is an ongoing process. Just as criminals are developing their methods of attacking your business, you must continue to adapt, learn and refresh what you do.
Continuously monitor, conduct internal audits, train, review security policies and embed best-practice into your key business processes. Make this part of your company’s culture. It will make your business, your customers and your suppliers safer.