Many business owners, big and small, still lack the awareness of basic cybersecurity practices for the next looming digital threat.
As the importance of cybersecurity has increased, so has our awareness of it. Poor cybersecurity has been identified as the most pressing threat to businesses today. Issues with cybersecurity often stem from a lack of cybersecurity awareness.
The reasons for this lack of awareness include no training on cybersecurity and persistent misinformation. Despite more media attention than ever, there are still some common misconceptions about cybersecurity that put businesses at risk.
That’s why as an employer, it’s essential that you promote awareness of cybersecurity across your company and ensure everyone that’s operating IT hardware and tech has the right attitude to prevent cyber-attacks from occurring. There are certain attitudes that need to be addressed to enhance your IT security.
Cybersecurity awareness isn’t my responsibility
IT security is still viewed as the IT team’s problem when that’s not the case at all. All employees have a responsibility to ensure the security of their business. Your people are the frontline of your defence and represent its biggest attack surface. They are the people hackers are targeting with phishing campaigns because they’re banking on a lack of security knowledge.
This myth can have serious consequences if your people don’t practice basic cybersecurity hygiene. If they don’t take care when clicking links in emails or downloading software, they could compromise your business’ security. Education is critical because your employees need to understand why cybersecurity is so important and that they have a role to play. Training will also equip them with the skills to spot threats and change their behaviour for the better.
Hackers don’t target small businesses
If media coverage is anything to go by, only large organizations like Yahoo, Uber and Marriott get attacked, right? Wrong.
This myth is particularly persistent because of mainstream news and the fact that hackers can potentially extort higher sums of money from these businesses. But the Federation of Small Businesses (FSB) reports that UK small businesses are targeted with over 10,000 cyberattacks a day. The same report highlights widespread weak security procedures in small businesses, including a lack of formal password policies, not installing updates, and not using security software.
While the financial gain from targeting enterprises is more lucrative, the stakes are higher for small businesses. Cybercriminals know this. A cyberattack could destroy a small business and force it to close, and that’s why one small business is successfully hacked every 19 seconds in the UK. Small businesses which have a limited cybersecurity budget should tap into the knowledge of an IT support provider that can advise on the most suitable defences.
Passwords will keep me safe
There are still two long-held misconceptions around passwords. The first is that adding capital letters, numbers or special characters to your one-word password will make it uncrackable. This myth is perpetuated by a lot of business accounts that have these requirements. However, the real measure of password security is length. Software can crack short passwords, no matter how “complex”, in a matter of days. But the longer a password is, the more time it takes to crack. The recommendation is to use a memorable phrase — from a book or song, for example — that doesn’t include special characters.
But determining a strong, (almost certainly) uncrackable password is only the first step. If the service you’re using is hacked and criminals gain access to your password, you’re still vulnerable. That’s where two-factor authentication (2FA) and multi-factor authentication (MFA) come in. These methods require you to set up an extra verification step. When you log in, you’ll be prompted to enter a security code which will be sent to your phone or even accessed via a dedicated verification app. That means if a hacker ever gets their hands on your password, they’ll still be thwarted.
