The risk of cyber attacks continues to be a major problem for companies of all sizes, with the cost of security breaches rising last year.
According to the 2014 Information Security Breaches Survey published by PwC and commissioned by the Department for Business Innovation and Skills, for one in ten organisations the scale of the attacks was so severe, it caused them to change the nature of their business.
Unfortunately, in the rush to defend themselves against the exponential risks posed by cyber terrorism, many companies are making some fundamental mistakes in their cyber security policies. Here are four of the biggest:
1. Impossible goals
The most common mistake by most organisations is the drive towards a 100% secure environment, and whilst this would seem like an appropriate ambition, it remains an unfeasible goal.
Every organization must accept that its networks will have vulnerabilities and a targeted attack will result in a breach. The focus must be on prioritising the security of data on the basis of importance, speeding up identification processes and having robust recovery plans in place.
2. Narrow responsibility
Companies must acknowledge that the issue of cyber security is not simply the responsibility of the IT department. With the drive towards more accessibility and flexibility for workers, data has never been more vulnerable and technology can only go so far to protect it.
3. Bad practice with passwords
Many IT departments and end users believe they have strong and robust password protection, but closer inspection reveals this not to be the case. The basic principles apply here; use complex passwords, change them frequently and never re-use passwords across multiple systems.
4. Being unadaptable
Many organisations invest in world-class software and technology, and assume that an autonomous approach will protect them against hackers. Unfortunately, this isn’t the case and, in a war where specialist intruders are constantly developing their approach, so too must those who are vulnerable constantly monitor, adapt and invest in new technology.