Cyber security is commonly an area where small to medium-sized businesses fall short on, which is unsurprising given the increasing complexity of cyberattacks. With this post, we hope to provide you with some typical pitfalls that can be easily rectified to strengthen your organisation’s position against the latest threats.

1. Shared logins
Commonly used within teams, when employees share login details to allow access to workstations and software applications this creates security vulnerabilities. The convenience of shared accounts is not worth the lack of accountability with widened access, especially when confidential data is involved.

2. Weak passwords
With password generators and secure password managers widely available, there is no excuse for having inadequate passwords that are easily compromised. Effective passwords use a mix of lower-case and upper-case letters, numbers and special characters.

3. Unmanaged backups
As ransomware and cyberattacks become more and more complex, it is important to make sure that your data is backed up and to more than one location. A good combination of remote and on-premises backups is recommended and with the risk of data loss, a trained professional to monitor backup alerts is advised.

4. Open Firewalls
Firewalls are often overlooked, not configured properly and increasingly open to attack. To best prevent unwanted intrusions, your business should seek the assistance of a trusted professional to install, set up and monitor your network devices.

5. Sensitive emails
Adhering to secure email protocols is even more important with the introduction of GDPR, as information must be stored and processed securely. Encryption solutions, such as those offered by Microsoft 365 Business Premium, are effective to protect the confidentiality of any emails sent both in and outside of your organisation.

6. Weak antivirus
The first line of defence against threats of malware, most businesses have some form of antivirus. But it is often the case that consumer-level antivirus is inappropriate to protect organisations, especially when compared to the added protection and functionality that business-grade solutions offer.

7. Unsupported operating systems
Operating systems should always be updated as and when new patches are released, to protect cybercriminals from exploiting the vulnerabilities in the software or server. When vendors no longer offer support in terms of security updates and patches, like with Windows 7 or Server 2008, it’s highly recommended that you upgrade your environment to best protect your operations and prevent breaches.

8. Unmanaged file-syncing solutions
Free consumer tools for file syncing, such as Dropbox, are popular for use among teams to share and collaborate projects and files across devices. Yet while these can boost productivity and speed up processes, they should be avoided for use with business information. Where file syncing is required often, your organisation should implement business-ready solutions, such as Microsoft Teams.

9. Lacking security policies
Effective policies should be implemented and widely understood by employees, to govern the way that team members access, share and create data. A lack of clear rules and instructions can lead to serious vulnerabilities, particularly with permission-based processes and personal device usage.

10. Untrained employees
The human aspect of your organisation needs now more than ever to be vigilant with all aspects of cyber security. Training should be conducted on email security, device usage and security, and the protocols for when they may fall victim to cyberattacks. No matter how much is invested in sophisticated technical safeguards, poorly trained individuals can present widened risks of a breach.