If you follow the news, you’ve probably noticed that cyberattacks are on the increase. In recent years, we’ve seen an alarming number of companies fall victim to cybercriminals, including large multinationals that you would usually expect to be protected by impenetrable security.
However, hackers are growing increasingly sophisticated and brazen, and well-known companies are not the only ones at risk – they are merely the biggest headline grabbers. Many small-to-medium-sized businesses underestimate the risks. They are reluctant to invest in security because they assume nobody would target them, but this attitude plays right into the hands of the hackers.
To help you understand the shocking scale of the problem, European privacy authorities have received almost 90,000 data breach notifications since the GDPR went into full effect in May 2018. A survey carried out by the British government discovered that in the UK alone around a third (32%) of businesses and two in ten charities (22%) experienced cyber security breaches or attacks in 2018. The statistics leave no room for doubt: the likelihood of your business suffering a data breach is so high that you shouldn’t be planning for if it happens, but rather for when.
With experts forecasting that the cost of cybercrime will surpass €5 trillion by 2021, now is the time to prepare for the inevitable. Implement the right security measures early on in order to reduce exposure, minimise damage, and focus on running your business.
The best way to protect your business against data breaches is by bulking up your defences to make it harder for unauthorised individuals to gain access to your systems. There are a number of steps you can take to lower the risk of cyberattacks, including increased security spending and education.
External data breaches usually occur when criminals gain access to a device that’s connected to your network, for example an employee’s laptop or smartphone. According to a 2018 study on cybersecurity threats by PT Security, malware is the most commonly used tactic, accounting for 49% of instances, while social engineering (25%) and hacking (21%) were listed among other frequently used methods.
Fortunately, the solution is simple. Installing anti-virus and anti-phishing software on all endpoint devices would create a first line of defence against these types of attacks. In addition, any hardware or software that is exposed to your network should be updated regularly so that organisations can stay one step ahead of the hackers. Solutions like KYOCERA Device Manager provide a user-friendly way to update security software across your entire printer fleet.
While external attacks definitely represent a serious problem, perhaps more alarming are those carried out by internal employees with malicious intent. Crowd Research Partners’ 2018 Insider Threat Report estimates that these account for roughly 36% of attacks. It can be difficult to achieve the right balance, giving your employees enough access to sensitive data to fulfil their tasks, but with enough restrictions to prevent them from stealing it.
In this situation, content management software could resolve the issue by giving you complete control over who accesses all the apps and data in your organisation. By keeping track of who views, copies, or modifies company files, you can spot unusual activity before it becomes anything more serious. Even without dedicated software, you should periodically review who is authorised to access which systems, devices, and networks. Also, don’t forget to cancel access rights for employees who leave the company, and reset passwords frequently to keep sensitive information safe.
Here it’s worth pointing out that not all internal data breaches are intentional. In recent years, there’s been a spike in accidental data leaks. Too often, businesses underestimate the risks of employees inadvertently sharing sensitive information, but the 2018 Insider Threat Report estimates that 30% of security events can be attributed to careless or uninformed employees. This represents a huge threat that you can’t afford to ignore.
It’s essential to increase security awareness in the workspace. Many employees prefer to transfer sensitive data using their personal email or unsecured cloud drives because it’s more convenient and they don’t understand the potential dangers. Simple mistakes like these are due to ignorance, but they could have serious consequences for your company’s reputation and balance sheet.
People represent the weak link when it comes to data security, but education could reduce the risk. Employees need to be shown how to detect suspicious links, attachments, and applications; we would also recommend organising a few training sessions to teach them how to spot and report phishing attempts. Ultimately, you want everybody working together to beat the cybercriminals.
Security awareness campaigns are a useful way to spread the word about the importance of choosing the right passwords. Enforcing strong passwords should be a policy throughout your organisation. Your employees should not be using the same password for every device; each one should be unique, difficult to guess, and contain special characters. For an added level of security, you could even introduce multifactor authentication (MFA) using captchas or biometric data like fingerprints.
Unfortunately, according to the statistics there’s a good chance that your business will experience a data breach at some point. It’s unwise to assume that only household names will be targeted, and one thing you should never do with criminals is underestimate them. Take the necessary steps early on to reduce the likelihood of becoming a victim and be as prepared as possible for when you are attacked. This involves implementing the right security measures like anti-virus software and access controls, while also educating your workforce about the risks of accidentally revealing sensitive information.