Malicious hacking attempts are on the rise, with any organisation that maintains databases of customer personal data or client payment information being at particular risk.
Cyber security, and especially data protection, are now a central part of any business’s ability to succeed, from small start-ups to the largest organisations.
Given this scenario, in this article we provide some practical insights on how you can improve your company’s cyber security:
A basic measure to increase your cyber security is to ensure all employees are using strong passwords. A strong password typically consists of eight characters or more, and includes uppercase and lowercase letters, numbers, and at least one symbol.
Encrypting your company computers and mobile devices, by coding information so that only authorised users can read or access them, will ensure that your data is protected even if your devices are lost or stolen. This is an important element in the fight against cyber breaches and data leakages due to lost or stolen corporate assets, such as laptops and USB drives.
In the world we live in, peace of mind is something we all look out for, and cyber insurance will give you just that. It could also prove to be a worthwhile investment, protecting you against the potentially costly consequences of any significant data breach. Cyber insurance policies can be cost effective, especially when compared to the time, cost and future ramifications of your confidential information being accessed by unauthorised users.
The human element is key to the effective functioning of any organisation. You should therefore invest in training your employees to ensure they are aware of best practice when it comes to email management, especially with regard to malicious links and attachments used as potential tools in phishing scams. Staff should also be educated as to other phishing techniques, where attempts are made to acquire confidential or sensitive information via electronic communication seemingly appearing to come from a trustworthy organisation.
Clean desk policy
Meanwhile, take steps to introduce a ‘clean desk’ policy in the workplace, thus stressing to your employees the importance of keeping all information confidential – including printed documents that may contain sensitive data. This helps to ingrain data protection into the company culture.
Update security technology
At the same time, invest in robust, up-to-date cybersecurity technology. Although this will involve an initial outlay, the protection it provides will help to secure your business networks, as well as any confidential data you keep that would be of interest to potential cyber criminals. The fight against cyber-crime is conducted 24 hours a day, seven days a week. It is therefore important to take the time to regularly assess your company’s security policies and key security controls.
Do not fall into the trap of listing audits as part of your procedures, but failing to conduct them. Software is also readily available to ensure all your internet-facing systems are updated and protected against any potential threats.
Incident response plan
Keep in mind that if you share data with third parties, a weakness in their systems could eventually find its way back into your own. Check and monitor that your suppliers or partners are complying with basic security practices. While you won’t be able to control their systems, you can at least understand the risks and take any necessary actions to mitigate them. At the end of the day, it is all about being prepared. It is therefore wise to develop an incident response plan so that you are able to act quickly and effectively should any breach occur.
Dedicated member of staff
Consider issues concerning how a breach would be tackled by your technical, legal, IT, HR, and communications teams. All this should be coordinated by a dedicated information security officer, who can help you develop plans on how best to protect your company from a cyber breach, as well as oversee the delivery of staff training and education. This will also deliver a strong signal about how seriously your organisation views data and cyber security.