Today, businesses are more open to attack than ever before. There is no doubt that technology is helping hackers achieve results that were impossible in the past. Because of that, businesses are living in fear. However, businesses also don’t help themselves. It is true that hackers do a lot of damage, but it is mainly damage that businesses bring on themselves by making mistakes.
As a business owner, you understand that you are always on the edge with regards to your security. For that reason, there is no excuse to lose focus on security matters. When you make a mistake, no matter how small, you invite external sources into your private server. And, when that happens, all hell breaks loose.
You have to stop making these mistakes if you ever want to feel secure. Luckily, the majority of them are silly mistakes that are easy to rectify. All you have to do is understand where you are going wrong, and then you can make the necessary changes.
The ‘Subtle’ Post-It Note
Don’t let the heading fool you – there is nothing subtle about a Post-It note. There is especially nothing subtle about it if it contains all of your usernames and passwords to your online accounts. Anyone who gets their hands on that information can bypass all of your security controls and help themselves to your data. Think of it as the equivalent of leaving a house key under a plant pot. Effectively, you are handing them the keys to your business. Experts estimate a total of fifteen percent of all businesses make this mistake, and you might well be one of them. If you do, shred the note and memorize the details off by heart.
‘We Know Better Than You’ Ideology
The problem with running a business is that you have to deal with a lot of egos. For example, you will have employees that think they know better than the company. These are the employees that make independent decisions that are to the detriment of the entire firm. One example is turning off antivirus software. They believe that they don’t need the antivirus software because it doesn’t work or because it slows down their desktop. If they are connected to your server, they need it because a hacker can use them as a gateway. Always make your security policy company policy, and reprimand those that don’t adhere to the rules.
Leaving The Computer On And Unattended
As this post from ATB Technologies clarifies, a data breach is about much more than a strong firewall. You might have the strongest firewall on the market, with awesome antivirus software and a great security policy. But, none of that matters if you or your staff leaves their computer unattended. When a computer isn’t locked, you don’t need to go through any security protocols to tap into the information. And, a firewall certainly won’t help. The only way you can solve this problem is by shutting off all devices when no one is there to oversee their use. Make sure that someone has to input your password before they can browse your server. At least they have to perform a few tasks to breach that particular safeguard.
Opening Emails With Viruses
‘Yeah, but how do I know it has a virus?’ The answer is simple: it is from an unknown source or an establishment you don’t trust. Any email that looks dodgy probably is dodgy, so avoid it like the plague. Email accounts are the bane of the IT support team because they are a notorious weak point with regards to security. The reason is that anyone will open an email if it has the right description because curiosity is too tempting. But, it is also important to remember that curiosity killed the cat, or in this case, your business. Only open emails from people that you trust or that your antivirus software validates. That way, you know that it is safe and secure.
Using Weak Passwords
This has to be the biggest bugbear of them all because it is so lazy. A password is up to fifteen to twenty characters long, which isn’t very long. If you can’t be bothered typing that amount of characters every day, you are in trouble. It is a sign that you or your staff doesn’t take your security responsibilities seriously. Passwords are there for a reason – to protect private and sensitive information. The weak passwords don’t do this, and they publicize your information to any half-assed hacker. Again, make it company policy that passwords need to contain a mixture of upper and lower case letters, numbers and characters. These passwords are almost impossible to guess unless you have inside information.
Nowadays, no one sits behind a desk all day on a desktop computer. Those days are gone, and they are replaced by the mobile era. The mobile era is where businesses use mobile devices for business purposes to impact their success. For instance, working from a laptop means an employee can work from anywhere in the world. That improves the business’s efficiency and boosts productivity. It sounds too good to be true, right? Well, that’s because it is too good to be true. The problem with working with mobile devices is that they often get lost. It might not be intentional, but it happens. And, it is a major security breach when it does happen. Anyone can open the laptop and browse it for important information. If you do use laptops of tablets, install them with airtight security programs and don’t let them out of your sight.
Every business has an employee that likes to run their mouth. They are the ones that love the attention and can’t be quiet because what they have to say is more important. They are also the ones that cause major security breaches. For the most part, they won’t divulge classified information as they know it will come back to them and they will get fired. But, they will tell people things like changes to their password. It might sound far-fetched, yet it happens all of the time. Remind your workforce that there are some things you shouldn’t talk about outside of the office. If that doesn’t put your mind to rest, make them sign nondisclosure agreements. Remember that loose lips sink ships.
Not Enforcing Security Policies
What is the point of having security policies if you don’t enforce them in the first place? Unfortunately, you can’t always trust your staff to follow your instructions to the letter. Workers are like animals in the sense that they take the path of less resistance as it makes their life easier. The problem with an easy life is that it is insecure. You can deal with this issue in some ways, but the best one is an incentive-based program. Create a competition where the best security focused employees get entered into a prize draw at the end of the month and give them a cash prize. An incentive is the best way to people on board with your policies as they get something from the process. When they don’t get anything, they tend to rebel. A reprimand is also an option, but again most successful companies don’t rule through fear. In the end, it is a decision that you have to make alone.
Not Monitoring Employees
Okay, this sounds like it is from a George Orwell novel. But, the truth is that your employees are your biggest security risk. They are the ones that make the mistakes, and you pay for those mistakes. It makes sense that you create a culture of culpability so that everyone knows they are liable for their mistakes. Then, they will work hard to ensure they don’t fall foul of the rules. Plus, it also helps you figure out what went wrong and how you can fix the problem. If you don’t learn from your mistakes, you won’t make any progress.
High Staff Turnover
Businesses hire and fire employees on a daily basis. However, there is a security problem with firing employees: they can divulge private information. If your employees stay with you, they don’t have the opportunity to tell your competitors about your processes. Don’t think that hackers are the only people that want to look at your data – your rivals are desperate too. Another option is to make them sign nondisclosure agreements when they leave your service. Then, they are liable if they pass on any information to a competitor or third party.
Slow To Update
When you rely on online software, you have to update it every couple of months. If you don’t, your business is at the mercy of old and outdated software. Update everything you can from antivirus software to your device. That way, you have the best security measures in place at any one time. And, that makes a security breach less likely.
The mistakes above are small mistakes that most businesses can relate to. Still, that doesn’t mean that they aren’t a big deal – they are. It is often the smallest things that make the biggest difference.