9 common small business cyber security mistakes

As cybercriminals set their sights on smaller businesses, we look at the most common cyber security mistakes – and how to avoid them.

What is cyber security?

Think of cybersecurity as locking the digital doors to your business – shielding your digital infrastructure, networks, and data from cybercriminals eager to get their hands on your sensitive information.

If you’re a small to medium-sized enterprise (SME), you might think you don’t need to worry. But cybercriminals are increasingly eyeing up SMEs as a perceived softer target.

Almost half (43%) of cyberattacks are now aimed at small businesses, but only 14% of SMEs think they’re properly prepared. And human error is a big factor – 52% of breaches were caused by someone’s cyber security mistake.

But it’s easily done. Sophisticated cybercriminals are masters at hiding their tracks.
The upside is it’s also easy to learn from mistakes.

Common cyber security mistakes to make and how to combat them

• Sharing passwords

While it’s often limited to accessing licensed business software applications, it's a serious cyber security mistake that can spell trouble. At best, you may be giving someone unauthorised access to applications. At worst, it could lead to data breaches and identity theft.

• Weak passwords

Cyber incidents often result from weak, easily guessable, reused, or sequential passwords. Protect yourself against both common cyber security mistakes by using strong, unique passwords for each account. Boost your defences with a password manager and two-factor authentication (2FA) wherever possible.

• Clicking suspicious links and email attachments

Cybercriminals love banking on people's busy schedules and hasty clicking habits. But this gives malware and phishing attacks the green light. Stay vigilant. Hover over links to inspect the URL and verify the sender before opening attachments. And keep your computer or mobile device safe by downloading the latest antivirus software.

• Sharing data

Sharing sensitive info without proper encryption exposes you to leaks and privacy breaches. Only share materials with people you trust, and encrypt files and sensitive emails for extra protection.

• Using work devices for personal use

Mixing work and personal activities on one device might seem convenient, but you run the risk of malware – and breaking company policy. Keep work and personal use separate, avoid downloads from unknown sources, and stick to workplace IT guidelines. If you really need to use your work device for personal matters, secure your connection with a Virtual Private Network (VPN).

• Out-of-date software or apps

Cybercriminals are constantly upping their game, releasing new malware daily. Not all software systems automatically hunt for new versions, so look out for updates and security patches to plug any vulnerable gaps.

• Lack of training

If your people are unsure what to look for, and what to do if they suspect suspicious activity, you’re leaving yourself wide open. Carry out regular training sessions on spotting attacks like phishing, email hacking, malware etc. and link it to your business for maximum engagement.

• No back-ups

A cyberattack can corrupt or lose your data. In a best-case scenario, it can take time to get back up and running, but losing your data permanently can spell disaster for a small business. Run regular back-ups and store it securely off-site.

• Not having a plan

Acting fast is crucial to minimise the fallout from a cyberattack, but if no one’s sure what steps to take or who’s doing what, the damage could be devastating. A cyber security plan is your roadmap. Outline the steps you’ll take to protect yourself, including individual responsibilities, and make sure people can access it in an emergency.

The bottom line is that preventing cyber security mistakes is a good investment. The global average cost of a data breach in 2023 is estimated at USD 4.45 million, with each compromised record setting you back $164. But that’s not all. Alongside any legal and financial hit, you could lose your reputation, trust, and future revenue as your clients and partners go somewhere safer, leaving you in a precarious spot.

For more cyber security help for small businesses, visit our cyber security hub to help keep your business safe and secure.