5 Steps to Sound Cyber Security

  • techUK techUK
    Thursday10Sep 2020
    Opinions

    Guest Blog: Guy Lloyd at CySure describes how being prepared can help to keep organisations safe online and to avoid cyber-attacks

Smaller organisations are used to changing and adapting but even the most flexible have been tested in 2020.  Ironically, criminal elements have been quick to adapt their businesses, adding many Covid-19 related attacks to their arsenal.  Doing little or nothing to offset these risks and hoping that a cyber-attack “won’t happen to me” is not a responsible option. Defending an organisation from cyber threats doesn’t need to be complex, costly or confusing. Here are 5 steps to help you get organised and ensure your cyber security defences are up to the job.

  1. Education and awareness training – phishing scams are still one of the most common cyber-attacks. Recent reports highlighted that 65% of attacker groups used spear phishing as the primary infection vector and that 94% of malware is delivered via email. Phishing email scams are popular because they are effective at breaching company defences. Employees benefit from cyber security awareness training to help identify the techniques phishers use in emails. If an employee does accidentally click a phishing link or enter details into a website, avoid apportioning blame but reward reporting events and have a clear process advising what to do and the next steps to take.
  2. Recognise your risks – a risk assessment is vital to understanding what data you have, the value of that data and how a breach can impact the business. Only by identifying the risks that can affect the confidentiality, integrity and availability of data can you take steps to effectively protect it. Regular reviews will keep you on track and help prioritise the risks most dangerous to the business.
  3. Develop a framework – the key to ensuring data is protected is to implement documented policies and processes. Collectively, these form a guide for employees, detailing how data should be collected, processed and stored and what to do in the event of a data breach or an information security incident. This guidance should include backup processes and how to recover lost data as it is vital to resume business as usual, without delay, when adversity strikes. 
  4. Adopt a system to guide you – many organisations lack the resources to hire the dedicated expertise required to manage their cyber defences, policies and processes. Therefore, adopt an online information security management system (ISMS) that incorporates basic cyber security principles and Cyber Essentials as a way to pinpoint the areas to focus on. Cyber Essentials is a government and industry backed certification scheme which describes 5 technical actions to deflect many cyber-attacks. 
  5. Get cyber insurance – having cyber defences makes your business a tougher target to attack but does not guarantee safety online. The real expense of a cyber-attack is not just the financial damage suffered or the cost of remediation, a data breach can also inflict untold reputational damage. Cyber insurance can provide a layer of protection when an organisation is faced with the fallout from an attack.  Look for a policy that includes the cost of remediation activities, loss of business and legal costs from litigation. 

Be a tougher target

There is no cybersecurity silver bullet, but some data breaches can be avoided by educating employees on what to look for. There is no substitute for good cyber hygiene but by creating a cyber-aware culture and adopting the right approach, organisations can establish a sound cyber posture. As managing expenditure is important to any business, consider an ISMS system that operates on a monthly subscription model with a clear fee structure and no hidden support costs. We may be living in uncertain times, but a well-prepared organisation can still prosper.

Share this

FROM SOCIAL MEDIA

Join us for an Introduction to techUK on Tuesday 24 November. Whether you are new to techUK, thinking of joining u… https://t.co/Xrp47iFBPP
Last chance to join us for Hong Kong Fintech Week 2020! If you're a techUK member, claim your discounted access to… https://t.co/4QToCzMNho
🚨 New #techUK report - Delivering diversity. techUK has catalogued how members are being proactive in tackling ine… https://t.co/ErzZx1C1Mi
Data adequacy is a hot trend right now. Read our experts letter for @LawSocBrussels delving into importance of data… https://t.co/ekCJOLf7Q5
@AwenCollective Welcome to techUK - we are delighted to have you on board!
The @techcharterUK have launched a new campaign called #DoingItAnyway to help more women get into #tech. Get inspi… https://t.co/WfftI5rKOD
Join our friends @bethebusiness and @Facebook next Wednesday for their latest regional event. If you’re a business… https://t.co/7xXtnWJeMJ
FINAL CALL: Nominations to the Health and Social Care Council close on the 2nd November. Step up and help to lead t… https://t.co/a5DIXuq64U
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...