Cyber security should be a high priority for every company and organisation, regardless of its size or business type. Just as our reliance on technology continues to grow whether in a work or private environment, so does it provide criminals with more opportunities to exploit vulnerabilities and in ever more sophisticated ways. So, what can we all do about it?
The first thing is to ensure that Cyber security is considered everyone’s responsibility. Companies cannot simply deploy tools to counter every possible threat and hope that the problem goes away.
It is important that everyone is made aware of the common threat types and are equipped to make good and informed choices when faced with any situation that has the potential of being a cyber-attack. On-going Cyber security awareness training for all staff delivers far more value for an organisation than investment in any single security technology.
The second thing is to adopt a zero-trust approach, especially now as we find ourselves operating in a hybrid working environment which in-itself significantly increases the risk of cyber-attacks. In this hybrid environment, more employees are far more likely to be using a mix of company and personally owned devices to access corporate data and this increases both the points of entry and the resultant security risks. One typical example of this would be the use of a privately owned device such as smartphone connected over a public unsecured Wi-Fi network to access corporate data and applications. In this scenario the risk of injecting Malware from an unmanaged device into the corporate network is very high. Now more than ever it has become imperative that companies and organisations create a culture of cyber security awareness throughout their workforce to help combat these threats at every level.
Finally, and maybe the most important piece of advice is be prepared! Every company or organisation is likely to face a Cyber-attack at some point. To counter this risk, it is important to invest in and deploy a range of modern cyber security counter measures. It is also best practice to create and rehearse a pre-prepared action plan that includes an escalation matrix that covers multiple types of Cyber-attacks, as well as a robust communication plan. Have this action plan ready to be implemented immediately should your company experience an attack. This will save you considerable time and should significantly reduce the overall impact of the Cyber-attack event on your organisation.