5 cyber hygiene mistakes most businesses make

Mark Shepherd, head of general insurance policy at the ABI, outlines his learnings after launching a cyber safety tool for SMEs

This might sound strange, but there are lessons we can take from epidemiology about how we might tackle the growing cybercrime epidemic.

We all wash our hands to prevent the spread of germs. It comes naturally to us as a precaution. We are taught the importance of it from a young age given that good basic hygiene is crucial in containing the spread of potential viruses or bacteria.

Now cyber criminals aren’t germs, but their successful stings on businesses do encourage further activity. So, in a way, if we can halt their progress, we can dampen the proliferation of the crime.

And just like handwashing, more than 80 per cent of cybercrimes can be prevented through simple cyber hygiene.

Now insurance is important of course. But if we can cater to the cause and the symptoms together, it’s more effective for everyone. Plus, we know that some major systemic attacks wouldn’t be covered, so prevention remains crucial.

In September, we launched a free interactive tool to help SMEs assess their cybersecurity and plug any identified gaps. It’s easily found by searching ‘ABI cyber tool’. Since we launched, we’ve had hundreds of businesses take the test and through analysis of their answers we’ve uncovered the five most common cyber shortcomings:

  1. Bosses lack control over remote devices. It’s important that if you need to, you can locate, control and wipe a device remotely. This can be enabled through simple and free-to-download apps, so it’s easy to do.
  2. Businesses don’t kick the tyres on their disaster recovery plans. Even if businesses do have a plan for a cyber incident, they often don’t keep it up to date or test it. Yet there are free government exercises you can follow to do so.
  3. They don’t talk about cyber. Not that it’s taboo, but you can’t assume your employees are up to speed on cyber-crime trends. There’s free training from the National Cyber Security Centre that you can run regularly to keep your teams vigilant to the latest threats.
  4. Loose protocols on access. Who has access to what levels of software and data is not a decision to be made lightly. This applies to past employees as much as it does to current staff.
  5. Weak IP. I don’t mean intellectual property here, but Internet Protocol address, which can provide a way in for cyber criminals if it has undiscovered vulnerabilities. Yet there are free online tools to test the address and fix any issues.

I think you’ll spot a theme running through the above – that there are loads of free tools available to tackle basic cybersecurity. It’s just about knowing what you need. So, I recommend that you find three minutes to use our cyber safety tool and discover your own top five ‘cyber shortcomings’ along with the associated solutions that will help make your business more secure.

Mark Shepherd is head of general insurance policy at the Association of British Insurers (ABI).

Further reading

How to provide cybersecurity training for your home workers – Find out what cybersecurity training information to include, how to deliver it and what follow-up resources to provide for your home workers

How to choose a cybersecurity solution for your small business – The frequency of cyberattacks is rising, with 39 per cent of businesses reporting cybersecurity breaches over the last 12 months

Cyber security and data protection for SMEs – a podcast with the experts – In this episode, the UK Domain share a podcast of their latest webinar, helping small firms get to grips with cyber security and data protection

Related Topics

Cyber Security
Cybercrime