How to Approach Cyber-security in Business
At one time, threats to cybersecurity mostly meant potential leaks of personal or financial information. Now, however, digital threats are on the rise and coming from a wider variety of sources. In 2016, hackers were able to hold the entire San Francisco Municipal Transport Agency hostage by locking over 2,000 systems with ransomware. In 2017, out of the roughly 3.5 million apps available in the Google Play Store, 700,000 of them were deemed “problematic” in terms of security.
Perhaps the biggest threat to cybersecurity, however, is the human factor. According to Verizon’s 2018 Data Breach Cybersecurity Investigations Report (DBIR), financial pretexting and phishing were the source of 93% of all breaches investigated, with email being the main entry point 96% of the time. The report went on to say that companies are nearly three times more likely to be breached via social attacks than through actual vulnerabilities in their systems. This emphasizes the need for ongoing employee cybersecurity education. Here are 5 steps to handling cybersecurity threats to your business.
1. Know the Value of Data and Security
No matter what kind of business you run and no matter how large or small your business may be, you have valuable digital data to protect. This can include proprietary information, intellectual property, sensitive and personal employee information or even the financial data of your customers.
The first thing you need to do is assess your digital assets to determine which are most in need of protection and then develop the appropriate systems to protect them. Secondly, you need to assess what types of threats would cause your business the most issues and enable stronger safeguards against those threats.
2. Assess Your IT Inventory and Determine Business and Technology Risks
Once you have determined what your greatest assets and greatest threats are, you need to assess what measures or security plans you already have in place for dealing with them. You also need to assess the most likely points of entry for those threats.
This includes taking a hard look at security software and making sure it is up-to-date, including the most recent patches. Older software is highly vulnerable, and updates and patches exist to fix those vulnerabilities. So, if you skip regular updates, you are exposing all the data to persons with malicious intent. Your cybersecurity is only as good as the last patch that was applied.
3. Be Proactive: Educate Your Employees
In 2016, IBM’s Cyber Security Intelligence Index found that 60% of all cyberattacks were carried out by insiders. Of those attacks, 75% were carried out with directly malicious intent, while 25% of them involved unwitting actors.
While there may not be as much you can do about employees who genuinely intend to damage your business, there is much you can do about the 25% who don’t.
It is important to educate your employees on proper management and security, such as what risks a public Wi-Fi network poses for unsecured devices or ways to identify phishing email scams. Now that the trend of allowing employees to bring and use their own personal devices at work (BYOD) is on the rise, the risk of a data breach has never been higher. This doesn’t mean that you should discourage such practices, especially if your teams are often on the move, but ensure that they are aware of possible risks and that their devices (personal or business) are properly secured.
4. Develop a Strategic Cybersecurity Plan
The best way to deal with cyber attacks is to treat them as if they are going to happen, rather than simply hoping they don’t. The more prepared you are for them in advance, the more likely you are to weather them well.
Before you reach that point, however, you also need to have strategic plans in place to keep hackers and other ne’er-do-wells from accessing your system in the first place. These can include plans for getting security patches installed immediately, regular password changes for employees, assigned passwords and even regularly backing up your entire system and storing it elsewhere in case of a ransomware attack.
When designing any type of security plan, you always want to involve stakeholders and ensure you are in compliance with local, state and federal regulations. In many cases, you may need to raise funding from your stakeholders to boost your security, so getting them on board early is critical.
5. Implement and Tweak Your Plan
Implementing a good security plan is not like developing an exit strategy in case of a fire. Hackers and thieves are constantly adjusting their strategies, which means you need to constantly be tweaking yours to combat theirs.
The reason cybersecurity companies are constantly sending out patches is that cybercriminals are constantly devising new ways of breaching their security. Cyber thieves never rest, and therefore, neither can you. Your strategy cannot ever simply be a one-time thing that you assess, address and move on from. It needs to be vigilantly addressed, tweaked and changed as threats change.
As cyber commerce increases, more and more businesses may have greater digital assets to protect than physical ones. This means that where once businesses may have invested the most in protecting their physical assets and premises, they may now need to shift to investing in protecting those digital assets instead.