Having a well-thought-out and correctly implemented Cyber Security Strategy can help businesses avoid a huge amount of damage if they find themselves under attack. Let’s explore the importance of cyber security and how to avoid the sort of security failure that can destroy a company.
So What Is Your Cyber Security Strategy?
A popular line over dinner tables and in general conversation is that, if the people responsible for online scams, phishing expeditions and the rest of the nefarious online activities that all users see day after day would only spend as much time on honest endeavour as they do on trying to cheat people, they could be legitimately rich instead of always dodging the police. It’s a popular meme, but it really addresses only part of the problem of Cyber Security.
Not all cyber-spying is by solitary geeks
The fact is that a great deal of online espionage is not carried out by antisocial young men and women hunched over laptops in their bedrooms, laughing maniacally at the temptations they place in front of gullible people. Far more, in all likelihood, is the work of governments and corporations who want to know what other people are doing in order to take financial advantage of them – to steal money, or (more often) product designs, patent applications, cost data, information about customers, and other information.
If you want to stay in business, you need to protect yourself against these people. How to do that?
You need a top-down, holistic Cyber Security Strategy
Don’t try to do this in bits and pieces. Ideally, and if your company is big enough, you want someone assigned to this task and to nothing else. If that is not possible, then make sure that the job of ensuring cyber security is in the hands of a known person or small group of known people. Those people need to understand that there is no one-size-fits-all, magic fix for the risks the Internet brings with it. And the fact that you’ve assigned the job to one person or one group does not mean that no one else has to be involved – everyone in the whole company needs to be aware of the threat, aware of the steps being taken to combat it and aware of the part they play in the process.
Because cybercrime comes in many forms, it has to be combated in many ways. That’s why we say you need a strategy; it’s also why the strategy needs to contain several elements.
Maintain a constant security awareness among staff
New ways of getting past your security are constantly being developed. If you have everything else in place, the weak point in the system is going to be people. It only takes one human error to open your entire network to predators, so make sure that everyone is constantly reminded of the things they must not do – the links they should not click; the attachments they should not open; the websites they should not visit.
Use the best available protection software and keep it updated
- You need a virus checker to prevent hostile software from reaching your system in the first place.
- You also need a malware checker; malware checkers and virus checkers are not the same thing. There are malware checkers that examine attachments arriving with your incoming email, and there are also malware checkers that look at changes that someone is attempting to make to software you already have installed. Don’t work on the basis that no one will try to plant something deeply unpleasant on your system, because someone will.
- Firewalls can be troublesome, because they sometimes prevent you from installing software that you actually want to install, with the result that people sometimes turn firewalls off. Don’t do that. There is sniffer software out there constantly looking for unprotected networks and if you leave yours unprotected, it will be found.
- Sometimes, it’s your own staff who cause you the most trouble, not (or not necessarily) because they are in the pay of someone else but because they take pleasure in flouting the rules. And sometimes you can’t discipline an employee after the event because you didn’t have a proper HR policy in place. Don’t let that happen. Have a written HR policy that tells people what they are not to do and the penalties if they do. Then make sure that everyone signs a copy to show that they have read it. Keep those signed copies safely on file. “What they are not to do” includes (but is not limited to) accessing unauthorised sites from a company-owned device or through the company network, and installing unauthorised software either on a company-owned device or on a device attached to the company network.
- Have a password policy that requires positive protection of passwords by all members of staff, prohibits sharing passwords, and requires regular and frequent password changes.
- Institute formal notification procedures for the loss of any device. Require notification within a maximum of four hours from discovery of the loss.
- Investigate encryption software and, unless you can find a very good reason not to, ensure that documents are encrypted so that, even if they are stolen, they will be of no use to the thieves.
- Do you have a good backup system? All backups should be in at least two places: a cloud storage resource (Dropbox, OneDrive, or something similar) and an external drive. Backups should be both frequent and automated. What’s more, there should be regular checks to ensure that backed-up data can be recovered.
- Have tight password control and, whenever a password is changed, require confirmation from the user that she or he did actually initiate the change. Be very careful who you give administrative privileges to – spreading admin privileges widely may make day-to-day operations easier, but it is a terrible risk.
- As well as online security, you need the physical kind. If you have your own data centre, control human access to it with electronic locks and passwords, or something even more difficult to break down.
Security isn’t something people like to look at, because it can suggest that you don’t trust people you work with. That shyness can bring a company to its knees. If you’d like a professional audit of your own security, with suggestions on how it can be improved, get in touch. We’ll be delighted to help.
Concerned about your Cyber Security Strategy?
Speak to the experienced team at Stanfield IT on 1300 910 333