Recent research commissioned by leading technology services provider Probrand has revealed that 69% of UK small businesses currently use weak passwords to access important documents and internal platforms.
Analysing hundreds of small to mid-sized organisations, the Birmingham-based business conducted in-depth cyber-security risk assessments to reveal the current state of affairs and areas of critical improvement.
Shockingly, 47% of those in the assessment did not have up-to-date anti-virus software to detect hacking attacks, while nearly a fifth (15%) currently don’t have any firewall to protect them from cyber security breaches or attacks.
When looking at training, the research revealed almost half (48%) don’t provide any cybersecurity awareness training to help employees spot any potential risks when using their laptops or technology equipment.
Talking about the study in more detail, Matt Royle, Marketing Director at Probrand, said: “It’s shocking to see so many businesses are not properly set up to protect against or recover from a cyber attack, with many not having the proper software or training available to educate on the potential risks and impact of these types of attacks.
“In today’s society, it’s never been more important for businesses to really understand the financial risks presented by cyber attacks, coupled with the scale and complexity of these threats. Businesses need to up their game based on our research. Other findings revealed 29% of businesses had no patch management in place - a process which is critical in maintaining ongoing security and productivity.
“As it shows, businesses need to improve how they mitigate risks, defend and recover from cyber threats, which includes updating their cybersecurity stance from a technology and employee awareness perspective. Recent YouGov data revealed 49,000 instances of fraud happened as a result of cyber attacks and the average cost of a digital attack on a business is £15,300. These shocking statistics, alongside our own research, showcase it has never been more important or necessary for businesses to take a new look at their current systems and procedures.”
As a result of this, Probrand has provided some simple and easy first steps to help businesses protect themselves from a digital attack:
1) Go ‘passwordless’
The new direction in the industry is 'passwordless' authentication in conjunction with Single Sign On (SSO). It has become clear that if users are forced to remember new passwords often, it results in them using easier to remember (but likely weaker) passwords. They will simply reuse existing passwords or just make slight adjustments, thus not really resulting in a truly 'changed' password at all!
‘Passwordless’ solutions like passkeys, physical tokens (e.g. YubiKey), and biometrics are increasingly seen as more secure because they remove the burden of having to remember complex passwords or passphrases. Ease of use improves for the user, while the barrier for cyber criminals is maintained or even increased. Modern approaches are standards-based and phishing-resistant, and are fully supported by modern identity management solutions.
2) Replace your old firewall
If your firewall is over three years old then it’s time to replace it - out of date technology does not defend against increasingly complex and evolving modern day threats. Firewalls provide protection against outside cyber attackers by shielding computers and networks from malicious or unnecessary traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Be sure it is configured by experts to turn on features to block certain types of traffic or applications whilst letting necessary data through.
3) Enable Multi-Factor Authentication
Enabling MFA is increasingly required for secure access and cyber insurance policies. Not having MFA enabled poses a significant risk, as it allows unauthorised access with compromised credentials, making accounts vulnerable to cyber threats and security breaches. So, make sure this is done across multiple platforms, especially the increasingly sensitive or important ones. This is normally also free to do, so it is a quick and easy step towards protecting your business.
4) Develop strong policies for employees
Ensuring strong policies are in place for cyber security is essential in keeping your business protected from threats. On top of this, it is also crucial to have an incident response plan, so that employees understand what needs to be done in the event of a cyber attack.
5) Training
Neglecting employee cyber awareness training exposes an organisation to heightened risks. Staff may inadvertently fall prey to phishing attacks, lack awareness of cybersecurity protocols, and become potential vectors for cyber threats. Investing in training is crucial to fortify the human layer of defence and mitigate security vulnerabilities.
So, it’s important that staff are knowledgeable about the risks and impact of these attacks, and training is the key to this. Try using simulated phishing exercises to test and educate employees on recognising and avoiding phishing attempts; this is a great way to test if the training is working. Promote a culture of reporting suspicious activities and mistakes, fostering a proactive stance against potential cyber threats.