It's surprising how many businesses do not even practice security essentials. Practically every day, I hear someone asking us if they can use a simple password as the one we gave them is too hard to remember. When you see what they suggest, it turns out to be the name of their dog or their son or daughter. Ask them another question and the same password will almost certainly the one they use for everything. With other businesses, they will happily tell you that they have no policy of updating software or way of checking safe practices amongst their employees. All we would say to them is that you had better have access to a nice loan or a sizeable reserve of cash for when Cryptolocker gets you! We even know one business who kept a sizeable database of customer information, who, when asked what they would do if this was hacked and they faced a massive fine from the authorities, replied that they just did not care on the grounds that "it would never happen to them".

That will no doubt look good when they need to explain themselves to the data protection authorities.

...