People often say you can’t truly understand something until it happens to you, which is true in many situations in life. It’s also true in business; companies that have never had to deal with data security issues can’t imagine the impact it can have on your business.
What are cybersecurity threats?
Cybersecurity refers mainly to protecting internet-connected systems, including hardware, software and data, from cyberattacks. Cyberattacks can result in the following issues:
- Data theft
- Ransomware installation
- Data corruption
- Spyware
These are serious problems which businesses can find difficult to deal with if they arise. Most companies have adequate cybersecurity measures in place to protect against these things, but every organisation needs a cybersecurity policy that is not just implemented, but updated regularly to ensure it’s as effective as possible.
Understanding ‘data’ in a business
Before we look at the common data security pitfalls many businesses fail to address, it’s important to understand what data is.
The word ‘data’ has many definitions, but in business, data refers primarily to the customer, transactional and businesses processes that are stored on a company’s computer systems. An example of data is an individual’s sign-up to a social media site, or an order being placed on an ecommerce site. For a service provider, it’s an enquiry made on their site.
Common cybersecurity pitfalls
In general, there are six external threats which compromise the cybersecurity of a company and could lead to data leaks. They are:
Weak passwords – Employees often use simple passwords and the same one across multiple accounts. User credentials being compromised is one of the most common methods of data being breached. In fact, studies show that 81% of hacking breaches occur when a person’s login credentials are compromised.
Devices that are lost or stolen – It is common for handheld and portable devices to be lost, stolen or misplaced. Work mobile phones are often lost or stolen, which presents an opportunity for business data to be viewed and/or shared. The portable nature of laptops means these are also easy to lose. It’s estimated that a laptop is stolen every 53 seconds in the UK. Losing a laptop can be quite a problem, especially if files are stored locally on the device and if it isn’t password protected.
Unsecure access – Mobile working is on the rise, and employees often access work data, emails and files on their own devices. The issue here, is with encryption and the vulnerability of personal devices. Data can easily be breached in this scenario, when a personal device may be less secure than a work one.
Lack of anti-virus or expired protection – This is a common problem in companies where computers run expired or old antivirus software that isn’t fit for purpose anymore. A new malware specimen is released every 4.2 seconds, which is why it’s so important to keep antivirus security measurements current.
Ransomware/Phishing – One of the major threats in the cybersecurity world is the use of ransomware or phishing emails – when a person receives a fake email which looks like an email from a credible organisation. These emails are used to gather information, by forwarding the person to a similar phoney website pretending to be another. It’s thought that 91% of cyberattacks start with a phishing email.
Leaked data – These days, it’s common for people to share information with people outside of their business in a way that isn’t secure. This poses a significant risk for companies, with around 58% of users accidentally sharing sensitive information. The result can be unwanted access by unauthorised people, to confidential company data.
To help combat these problems and better protect their IT network, businesses need a cybersecurity strategy that educates the people in their organisation about the potential threats to security, the implications of a data breach and how to avoid them.
There needs to be a technology-focused strategy to help reduce the chance of these issues arising, alongside a company culture which takes cybersecurity seriously and where each person knows how they can play a part in protecting company data.
With GDPR having come into effect in mid-2018, it’s more important than ever that companies realise the importance of protecting their data, and the financial repercussions they could face if they do fall victim to a breach. People are starting to understand that the onus is on businesses to keep their data safe, and they expect the highest levels of online security to be in place to achieve that.
In cases where the public’s data has been compromised, companies have faced huge fines. Perhaps the most damage isn’t to their bank balance but to their reputation. People are massively deterred from using companies who have suffered a data breach in the past; and who can blame them?
The software, hardware and proven data security strategies are available for companies to ensure they don’t have a data breach. Now it’s up to them to use these.
Read more: