We all know that Information Security is essential for businesses, and most business managers will recognise the importance of protecting business data as well as the personal data of their employees. However, despite that common recognition, some businesses still suffer major data breaches and go out of business as a result.
While all information security experts agree that zero risk does not exist, this does not mean that organizations should not do their best to protect their sensitive information. It is the responsibility of business managers to set up the necessary Information Security Management System (ISMS) and define the acceptable level of risk.
Below is a list of common mistakes that business managers should avoid.
1. Underestimating the consequences of cyber attacks
Past studies revealed that 60% of businesses that have been victims of cyber attacks go out of business after 6 months. Despite this well-known fact, some business managers continue to underestimate the consequences of cyber attacks. This is mainly due to their lack of awareness of the liabilities that could result from a data breach. According to a study, 54% of small businesses interviewed think they’re too small for a cyber attack.
2. Failure to address known vulnerabilities
This is a common mistake among business managers. According to a past survey, 86% of respondents acknowledge that their businesses do not have an efficient Information Security Management System. Most of them are aware of the lack of security measures and know their vulnerabilities. Yet they do not allocate a budget for information security.
3. Neglecting data breaches
Without any doubt, this is the worst mistake that business managers can ever make! According to a study, 65% of small businesses (victims of cyber attacks) failed to respond to a cybersecurity incident. 25% of them did not think that they would lose money.
4. Not having a backup plan
Statistics show that 54% of small businesses don’t have a plan in place for reacting to cyber attacks. A survey revealed that 83% of respondents do not have cash set aside for dealing with a cyber attack.
5. Depending on the IT team
According to a past study, 14% of business leaders interviewed think that their organisation has an efficient Information Security Management System (ISMS). However, 65% of respondents acknowledged that their cybersecurity team is understaffed and that Information Security Incident management is under the responsibility of the IT team.
Incident management requires teamwork not just among the IT and Operations teams, but throughout the organization, to identify and alert when any anomalies are detected on your network. A response team should be formed across disciplines to reinforce teamwork and the importance of cybersecurity.
6. Lack of training for employees
52% of data breaches are caused by human error. This shows the importance of training staff on cyber threats and how to avoid those dangers.
Annual security training isn't enough. Make sure that your cybersecurity policy calls for more frequent check-ins with your employees, and make this a priority for new hires. They are the most dangerous link in the chain because they don't know the company policies. Give them lots of training early on to avoid costly mistakes.
All the mistakes mentioned above can be avoided. Ascentrix Consulting Ltd can help you assess your risk level, support your team in implementing ISO 27001 (Information Security) measures, conduct Vulnerability Assessment and Penetration Testing (VAPT) for your cybersecurity testing and train your staff to develop a security culture. Do not hesitate to contact us for a free consultation.