Understanding cybersecurity has become one of the “must haves” for any business, but when it comes to advice, how do Gloucestershire businesses separate the “must haves” from the myths?
As part of SoGlos’ ongoing #CyberGlos campaign, which celebrates the considerable expertise in the cyber sector in Gloucestershire and supports the county business community, we have written the following article in the hope that it will dispel some of the common safety myths.
About the Sponsors
Charles Russell Speechlys’ Cheltenham office advises regional, national and international clients ranging from multinational listed companies, government organizations, limited companies and partnerships to entrepreneurs, individuals and their families. Its dedicated technology team includes experts in data protection and cybersecurity.
Salus Cyber is a certified provider of world-class cybersecurity services, based in Cheltenham. It helps clients identify and manage their cyber risks proactively and effectively and is the cybersecurity partner of choice for leading industry organizations in the UK and Europe.
The University of Gloucestershire is an integral part of the county’s online community. It was the first institution in the country to offer apprenticeships leading to a cybersecurity degree, and its undergraduate and postgraduate programs help develop specialists in this field.
1. Small or medium-sized businesses are not the target of cybercriminals
“We’re too small… no one would be interested in what we do” is a common refrain in many small and medium-sized businesses when asked about cyberattacks.
Experts will tell you just the opposite. Small businesses often lack the sophisticated software or security team of a large enterprise, making them an easier target for cybercriminals.
2. Passwords! We already have strong enough passwords
If you think your business has strong enough passwords and that those alone will deter cybercriminals, think again. Experts now advise putting “two-factor authentication” on the agenda. This means a password plus a second form of identification.
Likewise, a single password is not enough to secure a Wi-Fi network. Good security is the sum of its parts. At a minimum, staff should use virtual private networks (VPNs) to secure their connections.
3. We have never been attacked – so we must be safe
If you assume your business has never been attacked because your security is so good, it is more likely that you have been lucky – until now. Cyber attacks are becoming more and more sophisticated.
Develop a strategy that allows you to react quickly to a security incident, mitigate any damage before it becomes significant, and learn from it.
4. We follow all industry regulations – so we must be safe
While complying with industry regulations is essential, for your reputation and security, you should not use them as the measure of the quality of your security.
They often contribute only the bare minimum to the security of your business. Carefully consider whether the regulations cover the scope of your critical data and systems.
5. It is the responsibility of our IT department
Don’t leave all of the responsibility for managing your company’s cybersecurity to your IT department.
While IT will have the lion’s share of the blame, everyone in an organization should play their part – not only to detect and deter, but also to report any suspected breaches.
6. We only have to worry about the security of Internet applications
Securing Internet applications is essential, but they should not be the only focus of your business.
If a member of your staff uses a USB drive that contains hidden malware, or plugs in a phone or laptop that is commonly used for personal use, your organization could also face threats. It’s about having a layered approach to security and staff education.
7. We don’t have to worry – our security provider has everything under control
As good as you might think your third-party security provider is, they cannot do it alone. It is crucial that every business seeks to understand security risks, develops policies and practices to ensure its security, implements them and regularly reviews them.
8. Our anti-virus and anti-malware software will keep us safe
If you don’t have anti-virus and anti-malware software, you should get some, but don’t rely on it to keep your business safe. It will not protect your computer from all cyber risks.
A comprehensive cybersecurity plan must also include response plans and employee training – and this must be ongoing.
9. We have checked all of the above boxes and are completely safe.
If you’ve read all of the above and haven’t figured it out yet, achieving good cybersecurity is an ongoing process. Just as criminals develop their methods to attack your business, you must continue to adapt, learn, and update what you are doing.
Continuously monitor, perform internal audits, train, review security policies, and integrate best practices into your key business processes. Make it part of your business culture. It will make your business more secure, your customers and suppliers more secure, and help protect your business.
This article is part of SoGlos’ #CyberGlos campaign, supported by Salus Cyber, Charles Russell Speechlys and the University of Gloucestershire, to advocate for corporate stories related to cybercrime in Gloucestershire. Visit soglos.com/cyberglos for more information.
Thursday 07 October 2021