Here’s a teaser: 55% of small to medium enterprises reported falling prey to a cyber attack. I don’t know about you, but 55% is far too big of a number to ignore. The figure is a tell-tale sign of how vulnerable people can be on the internet.
Of course, since the statistic says “small to medium enterprises,” it should tell you that the “I’m-too-insignificant-to-be-even-under-the-hacker’s-radar” logic is a fatal mindset to adapt. Case and point: you are at risk too.
Allow me to share with you three things that you might be doing right now that’s jeopardizing your company’s system's safety.
1. Being Complacent With the Shadow IT
Fun fact. Did you know that you’ve got two IT departments in your organization? You've got a legit IT department, and you've also got a shadow IT. Now you might be asking the same question I asked when I first heard the term. “What on earth is a shadow IT?”
Your shadow IT department is made up of anyone in your organization who uses data systems and solutions not prescribed by your official IT department. These individuals may be using utility tools, software, and online platforms without first informing IT about it.
Allowing such practices may put your company at risk. The programs being employed by members of the shadow team may contain malicious software linked or integrated into them.
Due to their ignorance, these individuals download and utilize these tools without taking proper safety measures beforehand. The next thing you know, your organization's data has been breached and you’d have to spend thousands of dollars to repair the damage.
You can prevent your company's systems security from being compromised by advocating open communication and education.
We know that the IT Department was hired to be your company’s authority with regards to systems and data management. In that respect, a good rule to practice in your organization is “Thou Shalt Not Assume.” Just because IT didn’t say anything about a program doesn’t mean it’s automatically safe to use. Employees who desire to use any new software or tool that has not yet been prescribed by the department should ask their permission first before using.
Recognize that the IT cannot police over the actions of all of the organization’s employees all the time. Henceforth, regularly having the department hold talks, training, and seminars to all your company employees regarding information security will allow for a natural protective barrier among the members to form. Though this method may not bring the shadow IT out in the open, it at least provides a preventive measure that assists in equipping them for better self-governance — minimizing the risk of data breach or cyber compromisation due to their lack of knowledge.
2. Not Tracking and Recording Data Flow
Data is the life and blood of most organizations. Statistics, reports, research, product blueprints, and developed content are just some examples of data that can make or break a company. These types of information often get exchanged between employees in a firm.
One reason for vulnerabilities within a company's system is its complacency in tracking data flow in and out of the organization. The files and information can be passed on to individuals uninvolved in the operations, and these people can use the data maliciously.
Two suggestions in tracing data movement inside and outside an organization are to employ accountability solutions and to record outbound transactions.
Employ Accountability Solutions
Openness is a prime highlight in easing data flow monitoring within a company. Therefore, utilizing work systems that allow for transparency encourages everyone involved to self-police and ensure that confidential information remains within the team. Asana is an example of a platform that allows groups to track output movements and has open communication features integrated into it. Teamviewer is another tool that connects desktops together and allows file transfers to be monitored in real-time.
Record Outbound Transactions
In respect to keeping a record of data movement, organizations should practice collating a list of all the data transfers that members send out of their team. Supervisors are usually ideal for holding this information as they are accountable for their members' outputs. All outbound emails that contain sensitive data should be carbon copied and also sent to the respective superiors involved. These managers should be notified of any content or information released to individuals who are not part of the team.
3. Foregoing the Basics
These are some of the basic mistakes that some business owners are making, that’s putting their companies at risk of getting hacked.
Do Not Use Common Passwords
A study conducted in 2016 shows that 17% of 10 million individuals use “123456” as their password. Other common passwords that take up 50% of 10 million include “qwerty,” “111111,” “password,” and “google.”
Now, you may not be using these common passwords, but your employees might. Therefore, creating password policies to prevent your organization from falling prey to this epidemic can certainly add a level of security to your systems.
Alternately, you can use password managers, such as Keeper, to enforce the use of longer passwords while giving your employees the convenience they need in logging into their accounts.
Do Not Store Passwords in Your Browser
Here are more statistics. 59% of millennials store their passwords on their web browsers. This percentage is alarming, as it is surprisingly easy to obtain passwords stored in these programs.
Your passwords may be at risk of being stolen, especially if your computer uses a shared network. If you want to store passwords in browsers, consider availing yourself of third-party password manager plug-ins such as LastPass. These programs come with security safeguards that are harder to crack for hackers.
Do Not Click on Unknown Links
PC Mag talked about a link clicking experiment by Dr. Zinaida Benenson conducted on 1,600 university students. The study revealed that 56% of email recipients who were addressed by name fell for the bait. Your employees may also be at risk of falling prey to these scams.
Clicking on the link may lead to malware being installed on your company’s server — compromising all your organization’s stored data. Educate your employees to practice vigilance and not to click on any links that they are unfamiliar with.
Get hacked once, and you can easily find yourself missing out on hundreds of sales (even thousands). If you’re lucky, then that’s the only thing you’ll lose.
If worse comes to worse, the hackers might find their way into your personal details like your SSN and credit card info (among others things) then wreck not just your business, but your personal life too.
Unfortunate situations like these should be avoided at all costs. That is why cybersecurity for start-ups or even for mid-sized companies should never be neglected.
The sooner you equip yourself with cyber security best practices and online security preventative measures, the less likely you’ll suffer the catastrophic experience of getting hacked.
Have you ever been hacked? Please share your horror story in the comments section below and how you managed to recover. Cheers!