Cybersecurity Mistakes Small Business Make


Doesn’t it seem like we’re being warned about a new cyber security threat every day? We hear about cybersecurity mistakes small businesses make on the daily.

Well, one can argue it’s for good reason. Last year, ransomware attacks alone hit 81% of all businesses.

According to the ‘2022 Cybersecurity Almanac,’ the cost of cybercrime is expected to reach $10.5 trillion by 2025.

However, we continue to see far too many businesses who are unconcerned about this issue.

If your firm is hit by a cyber-attack, you might lose more than just your data. Remediation or mitigation can cost tens of thousands of dollars.

At the same time, a cyber-attack on average, will cause you about 21 days of downtime. Imagine… 21 days of not having control of your businesses technology. It’s not worth thinking about.

Not to mention the lack of trust your clients will have in you, which may result in you losing their business.

It’s critical that your company takes the necessary precautions to keep your data safe and secure.

This will most likely mean you need to take a layered approach to your security. Multiple solutions can be in use to provide a degree of security that is appropriate for your business.

This lowers your chances of an attack. It also makes it simpler to recover if you do fall victim.

It’s important to note that you’ll never be able to completely secure your business against cyber-attacks. Not without completely securing every system to the point where doing business would be extremely challenging (and your staff would constantly be looking for ways around the enhanced security).

Achieving the right mix between protection and usability is the key to great cyber security.

There are three typical mistakes businesses make, and they are also some of the most harmful mistakes to make.

Is your business doing any of these?

Mistake 1 – Not Limiting Access

When it comes to accessing business files and applications, individual employees will have different requirements. If you give everyone access to everything, you’re giving criminals access to your whole network.

When someone changes roles, be sure you adjust their access privileges and revoke them when they depart.

Mistake 2 – Allowing Lateral Movement

The actual disaster may not be from a cyber criminal gaining access to an employees admin computer.

It really becomes problematic when they are able to move from your admin system to your invoicing system, then your CRM and finally into someone’s email account.

Lateral movement is the term for this. Criminals acquire access to one system and then move on to more sensitive ones.

They can start changing passwords and shutting out other individuals if they can get into the email of someone with admin credentials to other systems or even the corporate bank account.

It’s rather frightening.

Air gapping is one method of avoiding this. It means that you don’t have access to get from one part of your network to another.

Mistake 3 – Not Implementing a Plan of Protection

Businesses who collaborate closely with their IT partner to prepare and defend themselves are less likely to be a target.

And, if the worst happens, the provider can get you back on your feet sooner.

You should also have a current strategy in place that outlines what to do in the event of an attack.

The time it takes to respond to an attack will reduce significantly because of this. As a result, you’ll be able to minimize data loss and the cost of getting things back to normal.

If you suspect your company is making one (or two, or even three) of these mistakes, you must act fast. We can help.


If you’d like to find out more about what’s new in the tech world, make sure to follow our blog!

Call us and we’ll take a look at your present security setup.

Click here to schedule a free 15-minute meeting with Stan Kats, our Founder, and Chief Technologist. 

STG IT Consulting Group proudly provides IT Service in Greater Los Angeles and the surrounding areas for all of your IT needs.

Published with permission from Your Tech Updates.

Logo