The arrival of GDPR and the public naming and shaming by the ICO of high-profile businesses has made Cyber Security a hot topic. So why is it that, despite data being one of their biggest assets, businesses often fail to protect it in the same way they do the physical things valuable to them?
The trouble is, it’s not just about IT. Yes, you need tough firewalls, encryption and passwords. But these are rendered almost useless if the human aspect isn’t addressed. Without a good knowledge and understanding of the causes and effects of poor data security, companies leave themselves open to weaknesses. And the consequences can be huge: damaged reputations, unnecessary disruption, big costs.
Second only to its people, data has become one of a business’s biggest commodities. It’s up there with the bricks and mortar. Yet the problem is, it’s not often prioritised because the importance of protecting our data, and the ramifications of not doing so, haven’t been drummed into us.
Think about when we leave the house. We want to protect our valuables and we certainly don’t want a stranger stealing our things. Because if that happens, it hurts. It’s a hassle to clear up the damage and can often result in financial loss. So, it’s second nature to lock the front door, close the windows, maybe set the alarm if we have one. The same should apply to business data. It’s valuable. Jeopardising customer and supplier data can be damaging to a business’s reputation and the bottom line. Nonetheless, we can be complacent: we leave the top window open, give a key to a neighbour, even leave the key under a plant pot! All too often, businesses have the technical protection in place but are let down by their behaviours.
The toughest security software is only truly effective when there are policies and procedures in place, and people are educated on them. Businesses need to ensure their people understand what causes data loss and the potential pitfalls that can occur as a result. This can be as simple as ensuring employees lock their screens when leaving the desk, creating strong passwords, locking up equipment when it’s not in use, not leaving the laptop on the train! You can put all the safeguards in place, but if a junior employee receives an official-looking email from a source pretending to be someone from your IT support company and this triggers them to hand over access details for your server, the rest is history.
Equally, you can put all the technological safeguards available to your business in place, but they won’t be 100% effective unless they’re set up correctly. Back to the analogy of securing your home – you can buy an alarm to protect the house but you need to know how to set it for it to work. This is the equivalent of buying a firewall and plugging it in straight out of the box without configuring it to work to its full potential. Don’t take shortcuts – invest properly in experts to manage your data security. The cost of not doing so can far outweigh the cost of paying a professional.
Businesses underestimate the capability and determination of hackers; they don’t always appreciate that hackers are continually targeting businesses, no matter how big or small, to find vulnerabilities that they can exploit. They work under the continued misapprehension that the probability of a cyber-attack or hack happening to them is low, so they don’t need to worry unduly about it. Take the scenario of a house burglar. The burglar can case perhaps 100 houses on a street in one night searching for that open window. Now compare this to a hacker who can sweep 100 million IT systems in one night looking for security vulnerabilities to exploit. Perhaps that puts it more into perspective.
Complacency often appears because it is typically the big brands that have been named and shamed in the press with huge ICO fines, and it is therefore perceived that only those big brands are being targeted by the cyber hackers. Facebook, Uber and Carphone Warehouse are but a few from last year. However, more and more we are seeing SMEs being pulled up, especially following the enforcement of GDPR in 2018. SMEs should not be lulled into a false sense of security that they’ll be afforded leniency by the ICO for their complacency. ICO fines for data security breaches can be crippling to a business, no matter the size of that business.
Don’t be fooled into thinking that Cyber Security is all about IT hardware and software; it is as much about education: how to recognise threatening behaviour, the possible pitfalls of data loss, the need to educate the workforce on data security. Don’t make that next ICO fine headline - take time to put policies and procedures in place, communicate them and make sure they are understood and practised.
Don’t pay lip service to data protection: just installing a firewall isn’t enough, just installing anti-spam and anti-virus software isn’t enough, just assuming that “out of the box” malware protection is going to help protect your business isn’t enough. Make sure your firewall is correctly configured, check that your anti-virus and anti-spam software is always up to date, make sure your malware protection is working for the good of your business and not for the gain of the hacker.
For expert advice on securing one of your business's most important assets, contact Quintech.