5 cyber security mistakes made by businesses and how to correct them

The single, biggest cybersecurity mistake businesses can make is to fail to appreciate the importance of robust cybersecurity. All other common mistakes stem from this initial error. Here are five of the main ones and what they can mean for your business.

Failing to appoint someone to manage cybersecurity

Cybersecurity is far too important to be left for when (if) somebody has some free time from their “proper” job. It needs to be at least part of somebody’s official job role. That somebody then needs to be given appropriate resources (and authority) to fulfil their designated responsibilities.

It’s absolutely fine if your cybersecurity manager delegates everything to do with cybersecurity. In fact, that’s likely to be standard practice in SMEs, particularly smaller ones. Their role is to make sure that the work is done rather than necessarily to do it themselves.

Failing to review and refresh your IT policies

This failure often ties back to a failure to appoint someone to be in charge of cybersecurity. Technology is one of the fastest-moving industries the world has ever known. Cybersecurity is probably the fastest-moving part of the technology sector. 

Even though the basic principles of cybersecurity have been around for thousands of years, their implementation needs to be constantly reviewed and refreshed as technology develops.

For example, in the early days of IT, “data theft” meant printing out data or copying it onto a floppy disk. Now, it’s more likely to mean phishing or even spear-phishing.

If you fail to stay on top of these changes (or to hire someone to do it for you), you leave yourself very exposed to attack. Remember, no business is “too small to be a target”. If you make yourself a soft target then you can expect to be attacked no matter how small you are.

Failing to set a realistic budget for cybersecurity

Effective cybersecurity effectively boils down to a combination of skills, tools and training. All of these come at a cost, even if the cost is only the time of the people involved. You, therefore, need to be prepared to invest in hiring skilled cybersecurity professionals and providing them with the tools they need.

The good news is that this can be a lot more affordable than you might think. For most companies, especially, SMEs managed IT services are the way to go.

Depending on your needs, wants and budget, you could hire a managed cybersecurity specialist or have cybersecurity included as part of a broader managed IT services package.

Your managed cybersecurity partner may be able to arrange training for your staff. Even if they can’t, they can generally suggest training options for you. It is, however, down to you to set aside a budget for this.

Similarly, you will need to set aside a budget for regular hardware upgrades. Different items of IT equipment will have different life-cycles. As a rule of thumb, however, desktops/laptops, tablets and mobile devices should be replaced every three years.

Failure to manage your assets effectively

You need to know every last item of hardware or software that could touch anything in your company. This includes hardware and software that is designed to be used offline (e.g. physical storage media).

You should know what it is, what it does/holds, where it is and who is responsible for it. You should also have a plan for ensuring that it is looked after for as long as it is needed and then archived if appropriate before being destroyed/deleted.

Failure to implement robust access controls

The most basic way to protect your security is to make sure that people only access sensitive resources if they actually need to do so. This concept is simple in theory but generally takes some effort to implement in practice, especially as companies grow larger.