If you’re operating a business, you want to make sure it’s as safe and secure from cybercrime and potential security breaches as possible. But you don’t want to wait until the unthinkable happens before knowing you have to do something about it.

How to know your IT and systems are vulnerable? Check these 10 signs

When we look at a client’s IT and systems, there are various warning signs that improvements to security are required. Often it’s what’s NOT happening within your organisation and business that signals weakness in security.

If you recognise one or several of the following signs, it’s likely your IT security needs upgrading.

10 signs your IT systems are weak

You don’t back up your data regularly, or are unaware of your back-up routine

If there was a fire or flood, or other office disaster, would your backed-up data be available? Do you know how often backups occur and how you can access them? If you don’t have any IT support to take care of your backups, then they’re your responsibility.

Ask yourself if backups are happening, how and how often. Ideally, they should happen every day, unless you’re working on live documents that are automatically stored in the cloud. External storage should be secure and kept away from the main workplace, and backups should go to a secure location.

You don’t have any policies about working securely away from the office

Do you and your team work on the train while you commute or in a shared office space? Do you have any policies or rules about locking devices, using a privacy screen or not taking documents from the office?

Every time you work in a public place and your screen is visible to anyone but you, you increase the vulnerability of your data and threat to your reputation. The same goes for when you share your screen in an online conference call; close your tabs and block any alerts so information can remain private.

You don’t have a password policy or password management protocol that includes multi-factor authentication

It shouldn’t be up to staff to simply choose their own easy-to-remember password to access work laptops, smartphones, tablets and email accounts. Weak passwords are one of the easiest targets for cybercriminals to take advantage of and one of the easiest to avoid. Passwords, by their nature, should be tricky to guess and, ideally, used in conjunction with multi-factor authentication, which adds another form of identification, for example a one-time code sent by text message.

Use a password manager securely, or at least have a protocol whereby staff follow the three-random-words best practice of the National Cyber Security Centre (NCSC).

Your antivirus and malware protection are out of date, or you’re not sure if they’re up to date

You need to make sure your antivirus and malware protection are installed and up to date, or they could be useless in protecting you against a phishing attack or virus. It’s as important to have antivirus and malware protection on the devices you and your employees use at home or when working away as on the devices in the office.

You and your staff are unsure how to spot a suspicious email

Email attacks from cybercriminals increasingly mimic reputable, known sources. They may appear credible but there are signs to look for: badly written emails can be a sign they are not from a trusted source; and any requests for urgent action should be treated with extreme caution, particularly requests for payment or for you to enter personal details.

Even a notice of a change of bank details that looks at first glance as if it is from your supplier should be checked with your named source, to ensure the notice can be trusted.

Links within a suspicious email should never be clicked.

There is useful training you can access from the NCSC to help you and your team spot suspicious emails.

Access is not limited

Do you have any access controls in place? Not all staff need access to all information. For example, HR staff need HR records, but other staff don’t. And if staff leave or are off work for a while, their access should be suspended. Failing to control access properly is a sure sign you’re operating vulnerably.

Using an insecure Wi-Fi connection

Using public Wi-Fi connections or insecure connections puts your data at risk. If you’re using a public network, try to ensure you use a secure VPN (Virtual Private Network).

You keep data forever

If you keep data forever and don’t have a strategy for clearing data, you’re holding more of what cybercriminals want. So if you were to suffer a breach, the consequences would be far greater than if you held only what you need. Data strategy and cleansing are key to your safe and healthy operation.

You don’t have a policy for securely disposing of old IT equipment

You can use deletion software to securely wipe data from equipment you no longer need or use. Or hire a specialist to wipe all data. Data from old equipment is easily accessed by a cybercriminal who knows what they’re doing – don’t leave yours lying around on old kit.

You don’t have a cybersecurity-aware mindset

If you don’t have a cybersecurity mindset it likely means that many of these measures will come as a surprise to you. With a security-first approach you’re going to stay more on top of the measures required to keep you operating safely.

If you’re overwhelmed by cybersecurity and how to operate more safely as a business, get in touch. We’re IT and data security experts. We’ll test your systems to check where you’re vulnerable and take it from there.
