What are the Biggest Cybersecurity Mistakes Made by Small Businesses? (& How to Avoid Them!)

Everything’s going along like usual: it’s a Thursday and the week’s been pretty productive for your office. Then suddenly someone notices that they can’t access a client database to add a new invoice. "Hmm, that’s strange," you think.

Then more users check, and they’re locked out too. You come to realize that your server has been infected by ransomware, and now you’re in full-blown emergency mode as all business comes to a screeching halt. When the dust clears and the ransom is paid (because you didn’t have a backup), one employee sheepishly admits that they may have accidentally clicked on a strange email link.

That’s a typical scenario of how a malware infection can occur due to some common mistakes that many small businesses make. In the above scenario, the mistakes were:

  • No employee cybersecurity training to teach phishing email identification.
  • No backup of data that would’ve avoided having to pay a ransom.
  • No ongoing managed security plan that would’ve been monitoring the server for threats proactively.

Whether an attack is ransomware, spyware, credential theft, or stolen customer credit card numbers, a cyberattack is costly no matter what size business you have. But it’s especially damaging to small and medium businesses that don’t have the resources to deal with the aftermath. 83% of small and medium-sized businesses don’t have the funds to deal with the repercussions of a cyberattack. It’s often just common mistakes that are to blame when a business falls victim to an attack, so knowing how to avoid those mistakes can go a long way towards protecting your company against a cyberattack and the costs that come along with one.

Common IT Security Mistakes to Avoid

Good security can become a habit, just like mistakes can. It’s often just a case of knowing what you’re doing wrong so you can correct it. Here are the biggest mistakes that small businesses make when it comes to their data security and how to correct them.

Not Properly Updating Software & Operating Systems

Many small businesses don’t have a formal update plan in place. So, some user computers are updated regularly, while others aren’t. The ones that aren’t updated in a timely manner can leave a big hole in your network security because those updates contain vital security patches. Unpatched vulnerabilities were responsible for nearly 60% of reported data breaches at businesses in the last two years.

AVOID: The best way to avoid this mistake is to sign up for managed IT services that include handling all your patches and updates to ensure they’re installed across all devices in a timely manner.

Not Using Password Security Controls

If you’re leaving your password security to your users, there’s a good chance that you’ll have some weak passwords that are easy for hackers to get past, making your network and data vulnerable.

AVOID: You can avoid the weak password problem by utilizing admin tools in programs like Office 365 that will not accept weak passwords, forcing users to create strong ones. Enabling multi-factor authentication for all users also significantly increases password security.

Not Having a Mobile Device Management Policy

Cloud applications are great and allow for the flexibility of accessing your work applications from desktop or mobile. Unfortunately, many small businesses haven’t taken the time to get a handle on employee mobile device use for work, leaving company data vulnerable because it’s accessible from multiple unsecured smartphones and tablets.

AVOID: Mobile use has exploded over the last 10 years, and it’s time to ensure mobile device security at your office if you haven’t already. The easiest way to do this, especially if you’re using a bring your own device (BYOD) policy, is through the use of a mobile device management application, such as Microsoft Intune.

Not Regularly Testing Backups

All too often a business will get hit with a data loss incident and go to the backup they thought they had, only to realize it isn’t complete or has stopped for some reason. A common backup mistake is to start a backup for the first time, then never check it again until you need it.

AVOID: Backups need to be checked regularly to ensure they’re still running smoothly and backing up the data you need. It’s also important to check to make sure they haven’t hit a space limit and stopped recording new data. Managed backups can help ensure your data backup is regularly checked for integrity.
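The three checks described above (the job is still running, the latest backup looks complete, the destination has not hit a space limit) can be automated. The following is an added example, not code from this article or from any backup product; it assumes one file per backup run in a single directory, and the function name and thresholds are illustrative.

```python
import os
import shutil
import time


def check_backups(backup_dir, max_age_hours=26, min_size_ratio=0.5,
                  min_free_fraction=0.10, now=None):
    """Return a list of problems found in backup_dir (empty list = healthy).

    Assumed layout: every backup run writes one file into backup_dir.
    """
    now = time.time() if now is None else now
    files = [e for e in os.scandir(backup_dir) if e.is_file()]
    if not files:
        return ["no backup files found"]
    # Order backup files oldest to newest by modification time.
    files.sort(key=lambda e: e.stat().st_mtime)
    newest = files[-1]
    problems = []

    # 1. Has the job silently stopped? The newest file should be recent.
    age_hours = (now - newest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"stale: {newest.name} is {age_hours:.0f}h old")

    # 2. Is the newest backup complete? Flag an empty file, or one far
    #    smaller than the previous run (a partial or truncated backup).
    size = newest.stat().st_size
    if size == 0:
        problems.append(f"empty: {newest.name} is 0 bytes")
    elif len(files) > 1:
        prev = files[-2].stat().st_size
        if prev and size < prev * min_size_ratio:
            problems.append(f"shrunk: {newest.name} is {size} bytes, "
                            f"previous run was {prev}")

    # 3. Is the destination close to its space limit?
    usage = shutil.disk_usage(backup_dir)
    if usage.total and usage.free / usage.total < min_free_fraction:
        problems.append(f"low space: {usage.free} of {usage.total} bytes free")
    return problems


if __name__ == "__main__":
    import sys
    issues = check_backups(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(issues) or "backups look healthy")
    sys.exit(1 if issues else 0)
```

A file that is recent and the right size can still fail to restore, so a scheduled check like this complements a periodic test restore rather than replacing it.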

Thinking You’re Too Small to Need a Cybersecurity Plan

Just because your business may be smaller than others doesn’t mean that you don’t have the same needs when it comes to your cybersecurity plan. Companies without a plan are often the ones caught most off guard when a cyberattack hits and are most unprepared to deal with it.

AVOID: Take the time to map out your cybersecurity strategy, including what vulnerabilities you have, what steps you’re taking to protect your network, and what to do if an attack is discovered. Being prepared both helps prevent data breaches and reduces the cost of their impact. For example, just the formation of a formal incident response team reduces the cost of a data breach by $360,000.

Get a Handle on Your Cybersecurity Plan with Onsite Techs!

Onsite Techs of Rhode Island is your "go to" cybersecurity resource. We can go through an assessment of your current IT security processes and let you know any vulnerable areas and what to do about them. Contact us today to schedule an appointment at 401-415-6290 or reach out online.