1. Believing it won't happen to you

2. Having untrained employees

3. Not updating software

4. Failure to back up

5. Not engaging qualified experts to handle cybersecurity

As a small business owner, you know the importance of attention to detail in every aspect of your day-to-day operations: knowing what your customers need, delivering a solid product or service, keeping an eagle eye on your finances, hiring and keeping the right people on staff to maintain and grow your organization.

But one detail that can be too easy to overlook is the technology that ties together all the interlocking pieces of your business, from management and marketing to finance and human resources. It's not just a matter of making sure your computers, servers, network and internet are up and running when you need them. You need to make sure you're protecting your IT and data for all of those pieces to fall into place and stay that way.

What are the top mistakes businesses make regarding how they approach managing IT? The common thread: cybersecurity.

1. BELIEVING IT WON'T HAPPEN TO YOU. Almost one-third of the total breaches in Verizon's 2020 Data Breach Investigations Report (DBIR) hit small businesses. But although nearly one in five small businesses reported having experienced data breaches or cyberattacks in a January 2020 study by small office security company Bullguard, 43% of businesses with 50 or less employees have NO cyber security defense plan at the ready. Worse, 60% of small business owners in Bullguard's survey don't even believe that they are likely targets of cyber criminals. Bullguard CEO Paul Lipman sums it up: "Small businesses are not immune to cyber attacks and data breaches, and are often targeted specifically because they often fail to prioritize security." Given that the average total cost of a data breach is $3.86 million, according to a 2020 report from IBM and the Ponemon Institute, is thinking "It can't happen to us" a gamble your business can afford to make?
   

2. HAVING UNTRAINED EMPLOYEES. According to Kaspersky Lab's annual Global Corporate IT Security Risks Survey, 90% of corporate cloud data breaches are caused by social engineering attacks targeting companies' employees rather than problems caused by cloud providers - or as Next Century Technologies president Tracy Hardin puts it, 9 in 10 of all breaches "go back to a bad email attachment, malicious link or other employee mistakes." Employees inadvertently put businesses at higher risk of cyberattack by posting too many details about their employers on social media, web surfing or sending personal email on their work computers, and not educating themselves about cyber risks. Even online dating scams pose potential harm to your organization! It falls to owners and management to ensure that staff receive ongoing training and testing to facilitate good cyber hygiene. Employees can then become a strong first line of defense against bad actors.
   

3. NOT UPDATING SOFTWARE. Updates don't just improve the performance of your business software. They're essential to ensuring that security vulnerabilities are addressed as soon as possible. That applies to every surface your company presents to the internet. Installing a firewall and top-notch security software on your servers and PCs is only the beginning. Cyber criminals are constantly finding new ways to gain access to your networks and the trove of data your business possesses. Updates help keep you prevent them from worming their way in by plugging security holes as quickly as possible.
   

4. FAILURE TO BACK UP. Businesses should regularly back up their data - ideally both to the cloud and locally - as part of a robust disaster recovery plan. A ransomware attack can stop your operations dead in their tracks, leaving you cut off from your data and systems by encrypting your files. Without strict data backup procedures, you could be left with no recourse but to pay hackers an exorbitant fee to regain access. Full backups are also necessary to get your business back on its feet should fire, natural disaster or plain old human error destroy files or hardware.
   

5. NOT ENGAGING QUALIFIED EXPERTS TO HANDLE CYBERSECURITY. Trying to manage everything on your own can be a recipe for disaster. A single IT person cannot keep up with all developments in technology, never mind the constantly shifting cyber threat landscape. Nor can an amateur staff member who handles the occasional tech glitch in addition to other job duties. A knowledgeable managed service provider (MSP) can perform a security risk assessment to uncover your unique security exposures and help you start to navigate them successfully. Choosing a full-service MSP with the cybersecurity resources, knowledge and technical chops to cover all the bases (we've got tips to help you find the right managed service provider for your business) can actually reduce overall IT costs to your business. A CompTIA study found that 46 percent of companies who partner with a managed IT services provider cut annual IT costs by 25 percent or more, while 50 percent cut annual IT costs by up to 24 percent. Those savings come on top of gains made from freeing up internal staff to generate revenue for the business.

If you have questions about cyber threats or want to protect your business, call ELBO Computing Resources at (605) 361-3720 or contact us online today. We've got the proactive solutions your company needs to stop attacks before they can happen.