Most small businesses don’t know the first thing about securing a network and neither does their IT staff. In fact, most fail at network security without even trying. Here are the top 5 things they are doing (or not doing) to expose themselves to attack.
1. I’m too Small to be Hacked
This mindset is prevalent in the small business community and as a result, most businesses don’t bother to worry about it. They are well on their way to a data breach, and since 74% of small businesses have suffered a data breach, they have already failed and a large number of those probably don’t even know it yet. To make matters worse, because they have little to no security awareness, when they are breached they are typical unaware of the breach for over 200 days and when they finally do become aware of the breach, they do so because law enforcement knocks on their door and tells them problems such as ID theft and credit card fraud has been tracked back to their network. Considering the average cost of recovery from a data breach can be tracked to somewhere between $130 and $500 per person they have to notify they lost their data, this can force many small businesses to shut their doors. One would think logic would tell them that if their home computers have had security problems such as viruses, ransomware, etc. then certainly their business is at least as likely to be targeted. The best thing you can do to ensure your success at failing is to pretend it won’t happen to you.
2. Trust IT Staff to Handle Security
Your IT staff is probably top notch. You pay them well, or outsource it and forget about it. THe trouble is, they have no experience in the security sector. Sure, they can set up a network, computer, server, firewall, and more, but in their busy lives of making sure things work as expected, do they have the training and background to test and ensure security risks are as limited as possible? Each area of the information technology sector is specialized similarly to the medical industry. If you’re going to trust the network guys to know security, why not the programmers? Can the network guys secure applications? You wouldn’t go to the optometrist for that odd spot on your skin. Even if they the IT staff is excellent with security, the best thing is to have an outsider verify things are properly working. A security expert can give you a different perspective on your network. We’re trying to fail at network security so let’s just leave it out of the hands of specialists. I’m sure that spot on your skin is just a mark from a Sharpie anyway.
3. Don’t Train Employees
Employees are the first line of defense and it’s best to keep them in the dark when it comes to security procedures. If they suspect they have made a mistake and let some sensitive information out the door, it would be best if they didn’t know the proper channels to communicate that to management. They probably should go ahead and click on every link they get in emails and never verify who someone is just because they say who they are. If they don’t know how to report suspicious activity, they may just go ahead and forget about it further ensuring your failure at security.
4. Don’t Install Antivirus
This one is a no brainer. What better way to fail than not do one of the most basic things you do at home? Having a good antivirus tool is crucial to helping prevent problems on you computers and servers. Having centralized management of the business’s antivirus helps keep track of when new definitions are pushed to machines and which machines may be missing updates. If you want to fail at security, it’s best to not have a firm grasp on the antivirus situation, or better yet, just don’t have any protection at all.
5. Give Everyone Administrative Privileges
Why say “no” when you can say “yes!” Put another way, why go through the trouble of having to manage what gets installed on employees’ computers when they can do it themselves? Giving the staff full rights to control their computer let’s them install anything they want on their computer including pirated applications and malware. What fun! Not only can you run the risk of a malware outbreak, you can get sued for licensing violations! Perhaps more fun, if a hacker gets a hold of their account, they can have administrator privileges too! What better way to fail at network security than hand over the keys to the kingdom?
More Ways to Fail at Network Security
Obviously this post is full of sarcasm and hopefully you have learned a few things you should NOT be doing in your company. For more tips on what not to do, contact us below.
Don't Be Shy
Drop us a line anytime, and one of our customer service reps will respond to you as soon as possible.