We get it, running a small business is like juggling flaming swords while riding a unicycle – thrilling, but risky!
Cybersecurity might not be the first thing on your mind, but trust us when we say it should be. After all, most cybersecurity breaches arise from common mistakes and bad cybersecurity habits that either come from cutting corners or that you’re often not even aware of.
Businesses fall into cybersecurity bad habits as easily as individuals do and, with everything we’re juggling, staff don’t tend to consider the risks that these bad security practices are exposing the company to.
In this article, we list some of the most common bad cybersecurity habits that small businesses fall into, in an effort to help you recognise them and avoid the risks that come with them.
Bad Habit #1: Not Using Two-Factor/Multi-Factor Authentication (2FA/MFA)
A business that does not have two-factor authentication (2FA) or multi-factor authentication (MFA) in place is simply taking shortcuts. It may seem like a bit of a hassle to enter a code from your phone to access an account, but that extra step is an absolute “must” for account security.
There really is no justification for businesses (and individuals) not using 2FA as a minimum in these times of ever-increasing cyber threats. After all, it only takes a few minutes to set up and you can even do it yourself.
By having it, you’re providing multi-layered security, where an OTP (one-time password) is needed in combination with a memorised password to access your account, making the account more difficult to hack. So, basically, 2FA/MFA is like having a bouncer at the door of your digital club, making sure only the right people get in.
How to avoid this bad cybersecurity habit:
Bad Habit #2: Poor Password Management
People often write down their passwords where others can access them, or share them with colleagues or family members so that they don’t forget. Such poor password management makes it really easy for someone to get hold of your password and fraudulently hijack your account.
Here’s another scenario for you… Picture it: you use the same password for your email, your bank account, and your dog’s Instagram (yes, that’s a thing – here’s a personal favourite showcasing our very own Butters). That picture of easy password management sounds pretty convenient, right? Well, maybe, but it’s also incredibly dangerous.
This kind of poor password management is like handing over the keys to your digital kingdom to cybercriminals.
How to avoid this bad cybersecurity habit:
Bad Habit #3: Treating Cybersecurity as a One-Time Thing
So, you hired an IT expert to set up your cybersecurity, and now you’re good to go, right? No way! Cybersecurity is not a one-time thing; it’s an ongoing process. Setting up some IT security policies and implementing some cybersecurity tools, and then forgetting about them, is one of the biggest mistakes that businesses make.
The simple fact is that as technology continues to advance, so too do cyber-criminals’ attacks. For many of them, developing new programs and ways of exploiting your computer and/or network is their full-time job and the threat from them will always be evolving.
That means, as a minimum, you should be periodically revisiting your IT security plan and measures to keep your IT infrastructure safe and secure.
Think of it like gardening – if you plant the seeds but never water or weed, your garden will wither away.
How to avoid this bad cybersecurity habit:
Bad Habit #4: Not Having a Disaster Recovery Plan
Imagine your computer crashes, or a cyber-attack wipes out all your data. What’s your plan? If your answer is “I’ll figure it out when it happens,” you’re in for a world of trouble because, put simply, not having a disaster recovery plan is like sailing a ship without having any life jackets!
It’s such a common mistake for companies to focus only on preventive cybersecurity measures and to neglect to prepare for an actual security breach, which is equally important.
It’s a business owner’s worst nightmare to suffer a data breach. Losing data poses significant risks that can cause irreparable damage, not least from loss of customer trust (even after you do manage to get back to current levels of working). That makes having a reliable data backup and recovery solution in place an absolute “must” for every business, and a huge mistake if you don’t!
How to avoid this bad cybersecurity habit:
Bad Habit #5: Not Updating Employee Cybersecurity Awareness
Educating ourselves on ever-evolving cybersecurity threats is essential to counter them, but taking shortcuts that fail to make this a regular part of the company culture can quickly turn into a bad cybersecurity habit for a lot of businesses.
The typical one-off IT security presentations during onboarding are not enough to prevent cyber attacks caused by human error. All it takes is an unwitting lapse in concentration for an employee to click on a harmless-looking link, and your business could have a massive breach on its hands.
Regular interactive awareness training about cybersecurity threats and preventative measures, as well as phishing simulations, will help turn your employees into your first line of defence against cyber threats. But if they don’t know what to look out for, they’re more like sitting ducks, or like soldiers sent into battle without training or armour.
How to avoid this bad cybersecurity habit:
Bad Habit #6: Being Overconfident or Just Burying Your Head in the Sand
Let’s talk about the “it can’t happen to me” syndrome. Small businesses often think they’re too small to be on cybercriminals’ radars, but the truth is that cybercriminals love small businesses because they often have weaker security measures.
Overconfidence and complacency are probably the biggest security risks your business can face. Even if you have implemented all the right IT security controls, you’re in serious bad-habit territory if you think you are unhackable. After all, as recent reports suggest, it’s a lack of robust preparedness that makes small businesses such an attractive target for malware infections, ransomware attacks, and data breaches.
You only have to look at some of the stats to realise how vulnerable small businesses are!
According to the 2019 Data Breach Investigations Report by Verizon,
According to the UK government’s ‘Cyber Security Breaches Survey 2023’ report,
According to the Barracuda 2022 cybersecurity report, small businesses are
How to avoid this bad cybersecurity habit:
Our final take on it
Bad habits: We get it!
Bad cybersecurity habits like the ones mentioned above are common and, to a large extent, understandable. This is especially true because small businesses generally lack the resources and expertise in security, compared to larger companies. But it’s exactly this that makes them vulnerable to opportunistic cybercriminals and puts them at a higher risk of being targeted by spear-phishing, virus infection, ransomware and other cyber attacks.
The simple truth
To be completely frank with you, there is always going to be the possibility that a threat may slip through the cracks. But you can protect your organisation, and your reputation, by establishing basic cyber defences that prevent, detect, and disrupt a cyber attack at the earliest opportunity to limit the business impact and potential for damage.
Invest in security measures, both in technology and user education
To combat new threats, an effective security system must be supplemented by machine learning security and have the ability to detect and respond to threats post-delivery. But even with top-of-the-range endpoint protection in place, your secret weapon should be your workforce.
By educating your employees properly and frequently about external threats, as well as about internal policies and security protocols, you create a well-informed workforce that can recognise the signs of cybercriminal activity and be your first line of defence in your battle against cyber attacks.