News & Blog

Read the latest business news, blogs and thought leadership articles from our members, as well as updates on the Edinburgh Chamber of Commerce's work in the city.

News & Blog

Is your business guilty of these top 4 Cyber Security Mistakes?

Posted: 15th May 2018

Just as one-size-fits-all clothing does not quite ‘fit’, there isn’t a perfect one-size-fits-all cyber risk plan for businesses either. There are however, core security principles that every business should uphold. If your business has its head in the sand when it comes to cyber security, take note.

These are the four most common mistakes that businesses make when trying to protect themselves. Business Development Executive, Michael Hashim, sheds light on the most common cyber security mistakes that businesses make and how to avoid them, as revealed by an article in BRINK .

Mistake #1: Assuming that you are not a target

Regardless of location, whether large or small, almost every industry is vulnerable to attacks. Often it is reports of big, highly established businesses that make the headlines, and as a result, businesses who do not handle large quantities of data often believe that they are not a desirable target for cyber attacks. In reality, criminals are conducting assault campaigns in every sector. They are trying to penetrate your networks, accessing your information and assets. All businesses will hold something of value, including yours. After all, you are in business and customers are buying your offering.

Solution #1: Take the risk seriously. Address cyber security as a business priority. Have professionals conduct penetration tests. Identify vulnerabilities in your business technology, people and processes. This way you can build stronger defenses.


Mistake #2: Approaching security as just an IT issue

 You might think that your IT technicians are ultimately responsible, but everyone in your business has a responsibility to protect your business’ core assets. Technology plays a part in your business solution, but it is not the full solution.

Solution #2: Focus not on protecting personally identifiable information (PII) but also on guarding intellectual property, trade secrets, research and development. A cyber attack could affect your financial proposition, reputation and operations. Put clear policies and processes in place. Help your business and employees respond effectively should a cyber attack happen.

Teach your whole business – from the top to the bottom – how to identify, prevent and recover from attacks.


Mistake #3: Neglecting to understand and update your network

Businesses will never be able to prevent every attack; there are too many opportunities to exploit. Nevertheless, failing to understand your network or disregarding regular software updates, opens the door for an attack with minimal resistance.

Solution #3: Those responsible for your IT solutions must implement strong protocols to ensure that all software is valid. The business must know where its critical data is held, how big the network is and where the access points are. A business continuity plan can be critical to your business’ survival. Have a checklist of actions in order to ensure expedience in dealing with any incident.


Mistake #4: Relying solely on anti – virus technologies

In todays threat landscape, anti – virus technologies alone are not enough to prevent persistent and complex attacks. Hacker’s methods evolve faster than security companies can update their tools. What is compounding the challenge is that attackers increasingly employ malware – free intrusion tactics. In fact, less than 40% of attacks today involve malware. You cannot rely on security at the perimeter alone to keep your business safe.

Solution #4: Anti – virus software is still useful and must be current. However, responding only to threats that have already been identified will not suffice. Imagine being a supermarket security guard who lets a thief enter because the police have not released a description of the robbery suspect yet. A good security guard knows to look for suspicious activity, regardless of the information to hand. Traditional anti – virus solutions can catch basic malware. However, they are no match for attackers with stealthy intrusion tactics. Businesses need solutions that identify threats and the effect of an attack, even if there are no known signatures.

Cyber security does not happen in a vacuum. An all encompassing business plan presents the best opportunity to raise the bar on security and to keep the bad guys at bay. Cyber defense tactics and tools cannot remain static. They must be tested, improved and evaluated on a regular basis. Cyber attacks are a threat that has continued to evolve. This means that businesses must learn to adapt quickly in order to outsmart the enemy.

Read the full, unedited article and subscribe to get BRINK in your inbox here

To find out more about the common cyber security mistakes that businesses make, or for further specialist advice what action to take, please contact Michael Hashim at Jelf. Business Development Executive,, 07469 350261.

Business Comment

Business Comment is the Edinburgh Chamber of Commerce’s bi-monthly magazine. It provides insight on Edinburgh’s vibrant business community, with features on the city’s key sectors, interviews with leading figures and news on new business developments in the capital.
Read more here