Steps to improve your cyber security
Cyber security, defined as “measures taken to protect a computer or electronic system against unauthorised access or attack,” is no longer the exclusive domain of companies large enough to have a CIO and IT department.
These days, with all of us connected online not just by our computers but also by our wireless devices, smartphones and even toasters, fridges and cars, the threat has become pervasive and the points of illegal entry numerous. Regardless of the size of your business, the implications of a breach can now be so serious that every employee has a stake and a role in protecting it from cyber threats.
The steps outlined below range from the basic to the advanced. Some forward-thinking companies will already have tackled some or even many, but, in our experience, very few have adequately addressed them all. The more of these steps you can address, the less likely you are to find your business in an embarrassing or costly situation in the wake of a cyber attack.
Focus on what matters: Identify and document the business-critical functions and information that must be safeguarded against cyber attack. If you don’t know what your jewels are, you cannot best protect them.
Get real about risk: No matter how strong your current security measures, cyber criminals likely know how to circumvent them. Prioritise risks based on their likelihood and impact, so you can effectively manage your cyber risk exposure. History is not a predictor of how real the risk is. At the same time, getting to a zero level of risk is not possible. But being practical and prioritised about the uncertainties you have to manage helps you take effective action.
Know your friends: Inventory your extended relationships—supply chain, outsourcing, partnerships, clients, vendors, contractors, etc. Include anyone who has access to your IT infrastructure, and seek assurances from these parties that they are vigilant in addressing cyber security. Trust but verify.
Draw up emergency plans: Establish procedures to react to cyber attacks, from financial, legal, technical, business, organisational, and branding standpoints. Bad things sometimes happen. But how you respond makes a big difference in managing the longer-term impacts on your customers, brand and the viability of your business.
Protect what’s vulnerable: Cyber criminals increasingly evade current security controls to target vulnerable applications. To protect your business-critical systems, make sure to apply timely patches and software updates to your most exposed assets.
Get smart: Take advantage of the knowledge of industry associations, as well as commercial and other intelligence sources. Whether you build the skills in-house or outsource, the key is to establish proactive cyber threat intelligence capabilities. Seek specialist advice and build collaborative communities. Learning together improves the methods, tools and knowledge you can apply.
Jealously guard your reputation: To protect your reputation, you need to know who’s talking about your brand and what they’re saying. Know the online footprint of your business and of the individuals who lead it. Seemingly harmless information that may be out in the online world can be used to build up a profile of you and your business to help develop more targeted attacks against you. Limit the information shared.
Foster cyber awareness: The weakest link in your cyber security isn’t your technology; it’s your people. Social engineering attacks that use targeted phishing emails or other techniques often hoodwink users into revealing confidential information or trick them into downloading malware. This makes it easier for cyber criminals to penetrate your network, without even resorting to more traditional hacking methods. Educate and empower your employees to be aware and act.