Cyber crime myth busters

Cyber security should be something that all businesses have front of mind, in an online world where the risk:reward ratio is tipped, unfortunately, in the criminals’ favour.

A quick online search will show the biggest risks facing businesses as well as a plethora of advice on how to try to minimise exposure for yourself, customers and supply chains… but there is also a lot of misleading information out there that could lull people into a false sense of IT security.

Here are a few of the most common cybercrime myths:

1. Small or medium-sized businesses are not targeted.

This simply is not true. If you have a weakness in your IT security then you are at risk, whether you have a turnover of £10k or £10m. Smaller businesses often lack the sophisticated software or IT security back up of big firms which makes them easier pickings.

2. We have strong enough passwords.

Again, you may think your passwords are robust but experts now advise a ‘two-factor authentication’ should be standard. That means a password, and a second ‘identifier’. Similarly, a single password is not enough to keep a Wi-Fi network secure. As a minimum staff should use virtual private networks (VPNs) to secure their connections.

3. We’ve never been targeted – so we must be safe.

Not true. This may be down to luck rather than your security settings. Have an action and recovery plan that allows you to react quickly to a security incident.

4. We meet all the industry regulations so we’re safe.

Again, this is not a silver bullet to stop cyber criminals. Whilst keeping up with industry regulations should be seen as a minimum, consider further measures and whether regulations cover the scope of your data and systems.

5. Our IT department has it covered.

That maybe be true but don’t put all the responsibility for looking after your business’s cyber with your IT department. Everyone in a business needs to play their part and be aware and proactive – not just to detect and deter but to report any suspected breaches.

6. We only need to worry about internet-facing applications.

This should not be the only focus for your business. It only takes one member of staff to introduce malware via a flash drive or email link to trigger a network-wide crisis. Think about having a multi-layered approach to security and educating staff.

7. We have an IT security provider.

That’s good news but they are not on their own. It is crucial that every business understands the security risks, develops policies and implements and reviews them regularly.

8. Our anti-virus and anti-malware software is good.

Again, great - but also make sure you stay on top of the latest cyber risks and ensure you staff are aware through regular training and updates.

If you have read all of the above and tick every box, then congratulation – but the hard work doesn’t stop there. Good cyber security is ongoing and as fast as we development better defences the cyber agents are out there looking at way to break them down.

Continuously monitor, conduct internal audits, train, review and embed best-practice throughout your businesses. And don’t be afraid to ask and take advice from industry specialists. It could turn out to be the best investment you ever make.

For further information on cyber security for your business contact the NEBRC at: