Cybercrime, which encompasses all manner of data hacks and online attacks, is rising fast and has the power to disable your small business if you fail to put measures in place to prevent it.
The Department for Digital, Culture, Media and Sport recently released its Cyber Security Breaches Survey. Findings revealed that 42 per cent of micro/small businesses had identified a cyber breach in the past 12 months, costing them on average £4,180 in lost assets. The consequences of these attacks included the corruption of software systems, stolen intellectual property, the permanent loss of files, personal information and data, and websites being taken down.
Despite the very real risks posed by cybercriminals, figures released under the Freedom of Information (FOI) Act revealed that human error is a staggering seven times more likely to contribute to data protection breaches than dreaded hackers. Mistakes of this kind are likely to bring about losses to a business which are just as detrimental as any calculated outside cyber attack. These types of error could therefore cost small businesses heavily in terms of lost profit margins, reputational damage and decreased productivity.
There are a variety of common, everyday internal risks when it comes to data privacy infringements which are entirely preventable. It is vital that you are aware of them so that you can implement data protection laws and frameworks to protect your operations and bottom line.
Happily, help is at hand to guard you and your small business against human errors. Hosted desktop provider Cloud Geeni explains here the top mistakes being made and how you can avoid them.
1. Handling personal data
Without having adequate security measures in place, it is easy to see how printed information left on a desk could be viewed or stolen. But even unattended computers are a threat because if someone sits at a desk other than their own, they could easily get access to data which they are not authorised to see. To protect your employees from this threat, implement a ‘clear desk and screen’ policy and ensure that the entire workforce abides by it.
2. Phishing attacks
According to IT security firm Mimecast’s State of Email Security 2019 Report, 94 per cent of organisations have experienced either phishing or spear phishing attacks in the past 12 months. This is why it is vital that you and your employees recognise fraudulent attempts to obtain sensitive information, such as usernames and passwords.
Criminals are getting more sophisticated and it is often almost impossible to tell a fake email from a real one. As such, businesses should look at how else they can improve resilience against phishing, for example by implementing trusted anti-spoofing controls such as DMARC, SPF and DKIM.
3. Confidential data
If personal and sensitive data is not correctly disposed of, it runs the risk of falling into the wrong hands. As such, your organisation should correctly destroy and get rid of all confidential waste. This could be via a corporate shredding policy or through a media destruction service.
4. Unauthorised systems, apps or devices
Systems, apps and devices which are not effectively managed are vulnerable to attack. To that end, it is vital to establish which devices and applications employees are permitted to use. It is also essential to prevent your employees from installing unauthorised software on to their work devices to avoid the risk of malware and ransomware virus attacks.
Where people are using personal devices to access confidential information, businesses should create a ‘bring your own device’ policy. This will confirm exactly which devices and applications are allowed to access a given network, where and how they can be accessed and the consequences of breaching the policy.
Mistakenly attaching the wrong information to an email and misspelling an email address and sending it to the wrong person are also common data privacy errors. In response, you must have strict policies and procedures in place to ensure the safe processing of information.
6. Offline data
Online data is not the only worry for businesses. Sticking the wrong address label on an envelope and posting it to the wrong person could carry equally serious consequences. So, when it comes to data protection, it pays to consider all the different ways in which data is used and shared.
7. Remote workers
Today, increasing numbers of employers promote flexible working and, subsequently, allow their staff to work remotely. While this has many positive benefits, such as improved work-life balance and productivity, the simple fact is that the removal of personal and sensitive data from your office generates increased data security risks. Merely leaving a laptop open when working on a train could result in a severe data breach for your business. In fact, according to software giant iPass, a remote/mobile workforce is the biggest threat to a company’s data security.
To help prevent data loss or theft, you must implement robust policies and procedures. They include two-factor authentication (2FA) for secure cloud access, adequate password controls, installing antivirus software and the ability to quickly remove sensitive data from devices remotely.
In many cases, data protection is not taken seriously and human errors occur because people do not understand their own personal data protection responsibilities. As such, your organisation must have an acceptable use policy (AUP) in place which spells out what is and is not acceptable when it comes to using digital technology.
In addition to creating an AUP, you should ensure that all employees receive regular data protection training to make certain that they understand the potential consequences of breaching data protection laws. They should understand the common threats and be fully aware of the online safety rules and their obligations.
When it comes to data breaches, understanding, knowledge and training all provide your best means of defence. Being aware of potential human errors in the workplace and the consequences will go a long way towards protecting your small business and its employees.
Subsequently putting strategies and frameworks in place to protect against them means that you can dramatically reduce the chances of a damaging data breach taking place on your watch.