Today our personal lives, society’s essential services and just about every business is online, and that means cyber threats are a fact of life.
Companies face an ongoing and persistent threat from criminals operating in cyberspace, who see the online world as one they can exploit with low risk and high reward. But for businesses, an attack can destroy reputations and hit finances hard, while non-compliance can lead to heavy penalties.
Are you doing enough to secure your organisation? Here are key considerations to take into account to ensure your business is well defended and prepared for cyber attack.
- Understand the cyber risk
Businesses grow. They need new technology and innovation. But this brings risk, whether it's through third parties, contractors or changes in the supply chain.
Understand where your business is and make sure your cyber security strategy is taking all movements into account. Review and update it constantly – don't be caught out by new risks.
- Have the right security controls
Your business is likely to have vulnerabilities. These could be straightforward enough to be fixed with a code change, or it might need a lot more work. But you need to be prepared to make big decisions if you view them as critical.
And don't forget, the perimeter is gone – the security controls of yesterday won't work. You need the security controls of today – protecting all the end points with integrated, configured and patched security controls.
- Balance business and risk
Data is power and systems run through the heart of most businesses. At the absolute minimum, business directors need to understand what the most critical assets are and key areas of vulnerability.
Businesses need to have the courage to make the right decision that balances security risk against commercial necessity and does the right thing by the business and customers in the long term.
Leaders must discuss what cyber risk they are prepared to take and how much they want to invest to manage it. There needs to be the courage in making the difficult decisions on what systems and services are protected, and at what level.
- Build a defensive culture with Security by Design
Security needs to be ingrained into the company culture. It isn’t a checklist, but something which should be ever-present. Security by Design involves everybody making sure they are working securely, whatever role in the company they have.
Whether an employee is writing code in an application, delivering a service or responding to a customer, there needs to be accountability. And analytics can help in discovering where the vulnerabilities are.
- Prepare a response
No security is completely effective, and there is always a chance of a successful attack. What makes the difference between a full blown crisis and a problem to be tackled is the plan you have in place to respond and repair. There needs to be a thorough, rehearsed and tested response plan known to clients and employees, across systems and processes.
The way people respond will have a major effect on operational impact and loss of productivity, as well as customer confidence. With the right planning, there's absolutely no need to make a bad situation worse.
Image source: Shutterstock/lolloj