Cybersecurity in business: why does it matter?
Today, digital systems are essential for millions of businesses around the world. From simple email communication to contract signing and customer relationship management, remote processes give a new level of flexibility, but also bring significant security risks. When it comes to implementing and relying on digital systems, cybersecurity is key. Overlooking it comes at a high cost, but the harsh truth is that many businesses put themselves at risk by not doing enough.
“Probably every cybersecurity expert would agree that the biggest weakness in information security is the people,” Insoft’s information security specialist Kęstutis Draugelis jokingly states. According to him, no matter how many security rules you implement, if your employees can find a way around them, they’ll take it. To avoid that, all security regulations and practices should go hand in hand with control and continuous enforcement.
Well-established companies and organizations hire competent experts to take care of data protection and implement consistent cybersecurity measures. Most small businesses, on the other hand, don’t even have a system administrator in place. Consistency is equally important for everyone, but the specific cybersecurity measures must be defined on a case-by-case basis. “Companies that operate on a small scale are way less likely to experience a deliberate cyberattack than big corporations and their business partners. But setting that probability at zero is a big mistake. Unfortunately, most companies only start paying attention to cybersecurity after the first data breach,” Kęstutis notes.
Regarding the most prominent types of cyberattacks, Kęstutis highlights two common scenarios: exploited system vulnerabilities and social engineering. In the first scenario, attackers analyse and critically evaluate system code, searching for any gaps they can use to get inside. In the latter, fraudsters use identity theft or other digital impersonation tactics to obtain sensitive information (passwords, email addresses, client data, etc.). “We had a case like that 6 years ago. One of the employees received an email with a request to change their password. The sender didn’t look suspicious, so she clicked on the link and entered her password. A month later, everyone in the company received the same email. Although it’s not the worst that can happen, attackers could obtain our clients’ email addresses, which may lead to further cyberattacks against them – either through that hacked email account or from other sources,” he recounts.
One of the most common motives for cyberattacks is to obtain sensitive information and make financial gains and/or do harm to the target. The business clients of a targeted company may suffer significant damage, too. To mitigate this risk, companies are becoming increasingly selective about who they collaborate with, raising the security bar for business partners as cyberattacks get more and more prominent.
Speaking of practical measures that companies can take to improve their cybersecurity standards, Kęstutis highlights two essential tasks that every company should have on their security to-do list:
1. Continuously educate employees on cybersecurity and password management, reporting new security measures and their value to the company;
2. Use reliable service providers to make sure that all business emails are treated as coming from trusted senders once they reach clients’ inboxes.