Short term pain long term gain
With cyber-attacks costing SMEs dearly in terms of wasted time, lost money and declining industry reputation, let’s ensure it stops for good by looking at long-term policies they can implement to lessen the chances of a future breach. Here’s what three business leaders have to say about ‘planning for the future’ where cybersecurity is concerned…
1. “Educate staff about phishing” Alistair Sergeant, CEO, Purple
The solution(s) can be simple…
Some of the world’s largest data breaches have resulted from phishing emails because staff members simply couldn’t tell the difference between legitimate and scamming correspondence. Investing in educating staff members on cybersecurity risks and the potential impact any breach can have on their own personal data will help them understand the severity of phishing and ensure they are united in protecting the organisation too. Cyber-thieves and hackers have become increasingly intelligent. Implement simple, but effective changes and businesses will significantly increase their cybersecurity measures.
2. “Ensure staff are visible on what needs guarding” Marco Rottigni, Chief Technical Security Officer EMEA at Qualys
Rather than looking at the latest and greatest security technologies, small companies have to go back to basics and reduce what can be attacked in their business. This involves cutting down all the exposed areas that an attacker can interact with over the internet – this can be achieved by paying more attention to IT hygiene and improving the awareness of all users.
Listing ALL you have…
What does this mean in practice? Getting an accurate list of all the IT assets that you use, from endpoint devices through to software installed and additional services like cloud accounts. After all, you cannot defend what you do not see, therefore you need to keep dedicated sensor ‘eyes’ on these assets. This can be achieved using sensors that can collect data from all their IT assets. There are free tools available that can provide this service, so the cost does not stop companies doing this.
Implement absolute visibility
Once you have this visibility, you need accurate information. Without accuracy, you run the risk of overwhelming your resources and staff with a tsunami of events to investigate, and unless you want staff to burn out or quit, this isn’t going to work. Prioritise the most important fixes that are riskier first; you can use information from your security partners to help you here.
3. “Get the general training in” Darren Hockley, MD, DeltaNet International
It’s true that most cyber-security breaches originate from external sources, e.g. hackers and cyber-criminals. However, the biggest threat to digital security is, in fact, internal. It comes in the form of employees who, however unwittingly, leave their business vulnerable to attacks in the first place.
Have you trained your staff enough?
This can occur due to gaps in knowledge, complacency, or just a general lack of confidence when it comes to cybersecurity best practices and dealing with threats like phishing and social engineering. This is why protecting your organisation and keeping confidential data safe doesn’t just rely on the latest high-tech, often expensive, software. Rather, it begins closer to home: with ongoing awareness training for staff and a compliance culture that’s clearly communicated from the top.
Even basic training can help staff flag issues…
Awareness training is key when it comes to battling the sort of errors in judgement cyber-criminals hope we’ll make at work, e.g. downloading a document from an unknown email source or reusing passwords across multiple accounts and devices. Remember, as unbelievable as it sounds in 2019, amongst the top reasons for organisational data-breaches and losses is members of staff using weak passwords! Even though we’re all well versed in the dangers of these things, without continuous awareness training to keep threats fresh in our mind, it’s all too easy to fall into the criminals’ trap, particularly if we’re busy at work. This risk is especially high at organisations that only offer cybersecurity training once (say, at induction), or those that use outdated training courses/methods merely for box-ticking and that don’t engage staff.