Businesses across the world are in an arms race against cybercrime. The goal posts are moving all the time, as hackers and criminals develop new ways to exploit weaknesses for nefarious purposes.
With new tactics to circumvent corporate defences being unveiled almost daily, it can be a real challenge to stay up to date when it comes to cybersecurity. If you’re a small or medium business, it’s often all too easy to get mired in outdated security illusions.
But basing your security strategy on archaic misconceptions can be massively harmful to your organisation. Don’t let your digital operations be torpedoed by cyber myths. Here are five big security fallacies to shake off right now.
1. Hackers only target big businesses
Think your business is too small to register on the radar of hackers? Think again. Cyberattacks do not discriminate, nor do they specifically target huge enterprises. Cybercriminals typically aren’t sizing up the most lucrative targets and then creeping in Ocean’s Eleven style. Most cybercriminals operate by unsystematically peppering the web with a blanket of attacks and hoping to hit a weak spot.
Security breaches in big name businesses may be the only ones that reach the news, but that doesn’t mean that raids aren’t happening across the board; the average website is attacked 50 times every day.
Burglars don’t only hit huge mansions, so don’t make the mistake of thinking a cybercriminal will see no value in striking your organisation. According to recent research, 58% of data breach victims are small businesses. In fact, small businesses often prove to be more worthwhile targets, as they’re less likely to have up-to-date security measures or dedicated IT teams in place than larger organisations.
All criminals are really looking for is a way in, and if they’re more likely to find that in a smaller operation, that’s where they’ll look. The only difference is that the ramifications of a cyberattack can be far more devastating for a small company.
2. My staff won’t let me fall victim to cybercrime
Though hackers and external forces do pose a big threat when it comes to cyberattacks, it’s often internal error that lets them through the gates. Research suggests that insider threats actually account for around three quarters of corporate data breaches.
The majority of cyber-attacks are not as high tech as you might imagine. In reality, cybercriminals rely on a general lack of security awareness to compromise your systems. When it comes to digital security, your staff are the number one risk.
That’s not to say your staff are giving out their passwords willingly or inviting malicious forces inside your business. Most of the time employees will leave the door open to attacks completely unintentionally, simply by using a weak password, clicking a link in what looks to them like authentic correspondence, or giving away a little too much information when dealing with unverified third-parties.
Without proper cybersecurity training, you can’t expect your staff to be able to spot a malicious email, or generate a strong password. Security truly is everyone’s responsibility, especially in smaller organisations, and education is your best defence.
Tools like two-factor authentication can also be helpful, and don’t have to cost the earth either.
3. I only need to worry about securing business devices
You probably have a decent amount of hardware connected to your business network; desktop computers, laptops, maybe company-issued mobile phones. You probably have firewalls and anti-virus software installed on them too. But do you ever think about what else, and who else, is connecting to your network?
The Internet of Things—that’s the global network of devices that communicate with each other using the internet—is growing with every second. Smart TVs, smart domestic appliances, games consoles, cameras, fitness trackers, and digital assistants like Alexa are all part of the IoT, but often aren’t subject to the same security protocols as devices like computers and phones. Cybercriminals are increasingly targeting IoT devices because they allow back-door access to a network, enabling hackers to circumvent any security measures that might flag traffic from unknown IP addresses.
If you have a wireless network that your employees can connect their own devices to, you could be exposing yourself to unnecessary risk. Many companies have BYOD (Bring Your Own Device) policies in place to try and minimise this risk when employees are using their own devices for work purposes or simply utilising their company’s network to connect to the internet, but the policy is only half the battle. You also need to make sure employees are aware of it and are adhering to it.
4. I can set it and forget it
It’s not something any business owner wants to hear, but cybersecurity is an ongoing commitment. There is no end goal, there is no sacred state to which a business can rise that will keep them safe for years to come.
Neglecting to keep pace with developments in security can be disastrous, says Mark Hill, CIO at Pearson Frank: “Cybersecurity is an arms race; criminals are constantly evolving their techniques and coming up with new, more sophisticated ways to attack your business. It’s crucial that you don’t rest on your laurels and let your dedication to security slip.
You should be regularly evaluating your security plan to make sure it’s still fit for purpose. That means staying on top of patches and updates for your software, retraining your staff, initiating regular password changes (and not just changing the number at the end), and conducting penetration testing to spot holes before hackers do.”
5. Cybercrime is all about credit card fraud
Identity theft and other forms of card fraud are a massive problem, affecting millions of people in the UK every year. However, they’re not the only way that cybercriminals can steal from your business.
Much of today’s cybercrime is not just about thieving cash, but about disruption. As organisations become ever-more reliant on their digital tools, criminals are seizing any opportunity they can to threaten a company’s ability to operate and, by extension, their reputation.
Take ransomware for example. Typically delivered through a deceptive email attachment or a link to a shady website, ransomware is software which infects your system and encrypts your files. The cybercriminal will then demand payment to give you back access to those files, effectively holding your business to ransom.
Other popular types of malicious software include keyloggers, which record information typed into a device; spyware, which secretly observes a user’s activities; and trojans, which masquerade as a useful or harmless piece of software in order to get access to your system and steal information or destroy data.
Malware is often designed to go undetected, so it can do as much damage as possible without being tackled. Even if you don’t know it’s there, malware infections can often be detected by search engines, which will then blacklist your site, tanking your traffic and damaging your status.
Cybercriminals are out for what they can get, and unfortunately that means no business is safe from the threat of cyber-attacks. Being a smaller company or having fewer resources than enterprise-level organisations is not a reason to neglect security—if anything, it means you need to take an extra-stringent approach to making sure your business is protected.
6. My website isn’t big enough to be a target
Unfortunately, that’s not the case. In fact, small business websites are often the primary target for malware, malicious code and other vulnerabilities. Hackers will often run scripts to scan thousands of websites at a time for out-of-date software, backdoors in website hosting and weak passwords. WordPress is the world’s most popular platform for websites, which also makes it the most targeted. Many website owners are naive in thinking that their website doesn’t need to be regularly updated and maintained. Security patches and updates are often available weekly when new vulnerabilities are discovered. Take the necessary steps to secure your website before it’s too late.
Cheap hosting companies such as GoDaddy and HostGator usually offer automated updates to WordPress as part of their hosting packages. The problem with this is that any update which is applied automatically has the potential to break a website or create an incompatibility with a plugin or theme. By leaving these updates to apply automatically, you run the risk that your website, or elements of its design and functionality, stops working. If you’ve had a website design created for your business, it’s always advisable to continue the relationship with your website designers so they can assist with regular maintenance of your website.
If your website has been compromised or you’re worried about your website’s security, please contact us for help.