Smaller organisations are used to changing and adapting but even the most flexible have been tested in 2020. Ironically, criminal elements have been quick to adapt their businesses, adding many Covid-19 related attacks to their arsenal. Doing little or nothing to offset these risks and hoping that a cyber-attack “won’t happen to me” is not a responsible option. Defending an organisation from cyber threats doesn’t need to be complex, costly or confusing. Here are 5 steps to help you get organised and ensure your cyber security defences are up to the job.
- Education and awareness training – phishing scams are still one of the most common cyber-attacks. Recent reports highlighted that 65% of attacker groups used spear phishing as the primary infection vector and that 94% of malware is delivered via email. Phishing email scams are popular because they are effective at breaching company defences. Employees benefit from cyber security awareness training to help identify the techniques phishers use in emails. If an employee does accidentally click a phishing link or enter details into a website, avoid apportioning blame but reward reporting events and have a clear process advising what to do and the next steps to take.
- Recognise your risks – a risk assessment is vital to understanding what data you have, the value of that data and how a breach can impact the business. Only by identifying the risks that can affect the confidentiality, integrity and availability of data can you take steps to effectively protect it. Regular reviews will keep you on track and help prioritise the risks most dangerous to the business.
- Develop a framework – the key to ensuring data is protected is to implement documented policies and processes. Collectively, these form a guide for employees, detailing how data should be collected, processed and stored and what to do in the event of a data breach or an information security incident. This guidance should include backup processes and how to recover lost data as it is vital to resume business as usual, without delay, when adversity strikes.
- Adopt a system to guide you – many organisations lack the resources to hire the dedicated expertise required to manage their cyber defences, policies and processes. Therefore, adopt an online information security management system (ISMS) that incorporates basic cyber security principles and Cyber Essentials as a way to pinpoint the areas to focus on. Cyber Essentials is a government and industry backed certification scheme which describes 5 technical actions to deflect many cyber-attacks.
- Get cyber insurance – having cyber defences makes your business a tougher target to attack but does not guarantee safety online. The real expense of a cyber-attack is not just the financial damage suffered or the cost of remediation, a data breach can also inflict untold reputational damage. Cyber insurance can provide a layer of protection when an organisation is faced with the fallout from an attack. Look for a policy that includes the cost of remediation activities, loss of business and legal costs from litigation.
Be a tougher target
There is no cybersecurity silver bullet, but some data breaches can be avoided by educating employees on what to look for. There is no substitute for good cyber hygiene but by creating a cyber-aware culture and adopting the right approach, organisations can establish a sound cyber posture. As managing expenditure is important to any business, consider an ISMS system that operates on a monthly subscription model with a clear fee structure and no hidden support costs. We may be living in uncertain times, but a well-prepared organisation can still prosper.