When it comes to cybersecurity, the chances are that your business, like many others, is willing to go the extra mile to ensure that you’re as protected as possible from the many threats that come your way. Unfortunately, not every piece of advice that you read about cybersecurity is as effective as you might like–and all too often, bad advice can send your business crashing down around you. We’ve heard some terrible pieces of advice when it comes to cybersecurity–and by recognising them for the bad advice they are, you can better protect your company and put yourself in a better position to keep your data safe.
Bad Advice #1: You Don’t Need That Patch
Installing patches and software updates is an ongoing headache. It means rebooting your systems and often being unable to use the software while it updates–not to mention taking up more space on your system and causing you a wide range of frustrations. Why not just let your antivirus software catch it if someone comes in to exploit the cybersecurity holes fixed by the patch? Isn’t that why you keep it updated?
Unfortunately, your antivirus software isn’t perfect. More than 360,000 new examples of malware are released every day, and while your antivirus software is designed to catch many of them, it may not be up to stopping the latest threats to your system. Installing patches helps close backdoors into your system and ensures that you aren’t caught by an exploit for a hole that a patch has already fixed.
Bad Advice #2: You Don’t Need Separate Networks
As the Internet of Things has swept the world, creating a higher level of connectivity across the globe, it’s become increasingly important to provide separate networks for those devices. Unfortunately, that takes work to set up, and many technical teams prefer to set up and manage a single network for every device in the company. How bad could it be?
As it turns out, it could be catastrophic. In the first half of 2017, IoT attacks grew approximately 280% globally, much of this in the wake of Mirai, an IoT attack powerful enough to take down Amazon, Netflix, and a range of other favourite websites. 66% of IT professionals don’t even know how many devices connect to their networks, including everything from smart televisions and refrigerators in the break room to personal devices used by employees in their offices. It’s critical to put these devices on a network that is separate from the network that controls vital office routines and data. Setting up a network that separates guest traffic from work traffic also helps protect your data.
Bad Advice #3: Physical Security Isn’t That Important
You keep a close eye on your laptop and other important devices whenever you’re out with them. You don’t need to worry about physical protection of them, do you? A laptop is stolen every 53 seconds–and 52% of them are stolen from the office. That means that even when you’re sure your laptop is secure–after all, you’re just taking a quick walk to the vending machine or visiting the restroom!–your laptop could be at risk. Physical security, therefore, is a critical element of protecting your laptop and ensuring that your organisation won’t lose vital data to theft. Consider:
- Multi-factor authentication
- Smart card access
- Smart USB protection
- Chassis locks to keep vital components safe
- Full drive encryption
The more physical security you provide for your device, the better you’re able to protect that vital data. Since 80% of the cost of losing your device comes from the data lost or stolen along with it, it’s critical to provide that extra layer of protection.
Bad Advice #4: You Don’t Have to Change Your Password
You’ve used the same password for years, and chances are, you use it across all your devices. After all, if you have never experienced a data breach, why do you need to worry about it? Changing your password, however, is critical to the overall security of your device and your data. It’s important not only to change it regularly (and to actually change it, not just shift a number at the end) but also to make sure that you’re using different passwords for your company data and your websites. Using unique passwords and changing them regularly ensures that a breach at one location won’t lead to compromised data at another.
Bad Advice #5: You Don’t Need to Train Your Employees
You have an extensive cybersecurity system, from physical security on your devices designed to prevent theft of data, or theft of the device itself, to antivirus programs, regular updates, and more. So doesn’t that mean you’re all set? Sadly, no. Employees remain the biggest threat to cybersecurity in your office, and all too often it’s not malicious! Savvy employees need to understand office policies regarding security and how to keep company data safe, including:
- Securing devices any time they walk away from them, even if it’s just going to be for a little while.
- Creating effective passwords that decrease the odds of being hacked.
- Avoiding social engineering scams both online and over the phone–not to mention in person.
- Knowing how to judge links to ensure that they’re on the website they intended to visit.
- Backing up data appropriately, especially when it comes to essential company data.
- Connecting devices to the company network–including which devices it’s not acceptable to connect and which networks they’re allowed to connect to.
Cybersecurity is becoming increasingly important for many organisations. Small businesses are at just as much risk as big ones, since today’s hackers know that small businesses often lack the resources to protect their systems as well as their larger counterparts do. By avoiding these pieces of bad advice and choosing instead to make wise choices about your company security policies, you can improve your security and help protect both company data and the valuable customer information that you collect every day.