Over the past 5 to 6 years we’ve talked about cyber security a lot. More than we ever hoped we’d have to, but unfortunately it’s been completely necessary and continues to be an important topic to raise with every business we engage with.

The topics and challenges relating to IT security have certainly evolved during this period and so have people’s mind-sets regarding the safety of data within their organisations.

We believe that the shift in mind-set goes in three stages, starting with denial, moving into understanding before ending up in complacency, and more and more often we’re seeing businesses become complacent with their IT security approach.

The denial stage was pretty common for most people several years ago. After all, why would someone target your business? Why would they bother when there’s bigger fish to fry?

However, as it became apparent that the vast majority of attacks are completely random and not targeted solely at large companies (as the news would make you believe) then people started to take note, read up on the subject or maybe attend a seminar.

Once denial was out of the way, understanding is the first step of fixing the issue. More often than not the understanding phase is coupled with some action, whether that be installing new security software, training staff or putting in a complete, layered IT security strategy which protects your business from every angle.

But this is where we’ve seen today’s complacency issues start.

Cyber security is not a one-time fix type of problem. You simply cannot expect software or a strategy that was put into place years ago to still protect against today’s threats.

Cyber criminals are constantly looking for ways to get around security protection within software, whether that’s the latest patch from Microsoft, your anti-virus software or by tricking your users with spam email.

If you have taken the decision (consciously or unconsciously) not to patch your server and workstation operating system, not to deploy an up-to-date suite of security software and have never trained your staff, then you are leaving yourself wide open.

This level of complacency is exactly what cyber criminals need to thrive and succeed.

So how do you stop this happening?

The trick is to never leave the understanding phase – whether that is through your own learning and efforts or by partnering with a cyber security expert.

We have already seen Sophos release a dedicated solution to prevent ransomware this year, a solution that simply did not exist beforehand, and we’ve seen businesses implementing this at a rapid rate. Unfortunately, not everyone has been quick on the uptake and it is becoming all too common to see small businesses become the victim of cybercrime, resulting in system downtime, the loss of data and, sometimes, the loss of hard cash.

We can only advise businesses to take this seriously and continue to talk about it at every opportunity we get – we know not everyone will listen but if we can use our knowledge, experience and expertise to help even more businesses avoid a cyber-attack, they we’ll keep shouting about it!