Cyber security risks affect every employee in an organisation. As a business owner, you can effect comprehensive cyber security policies to safeguard sensitive and proprietary data while minimising business interruption.
To do so, you need to learn about the latest trends in cyber security, key vulnerabilities, and what you can do to address them.
The current state of cyber security
A quick review of recent ransomware virus attacks, as well as potential threats relating to cloud and the Internet of Things (IoT), indicates that cyber security can be a costly issue for businesses if not properly addressed.
Recent global ransomware attacks throughout mid-2017 – the biggest outbreak in history – demonstrated how vulnerable businesses can be. Nearly 100 countries were affected by the ransomware, which started in Russia and the Ukraine before spreading to Europe and the rest of the world.
Spread by Word or PDF documents, the ransomware worked by freezing individual computers until ransoms of hundreds of dollars were paid (in Bitcoin). The attack followed the WannaCry attacks in May 2017.
Cloud and IoT vulnerabilities
Research suggests businesses have “complex and chaotic” security provisions when it comes to the two major emerging IT trends of cloud and IoT. The majority of businesses (62% in fact) are worried about IoT security though they’re convinced by the benefits of cloud and IoT tools. The survey suggests threat detection, incident response, and simple, unified solutions can help project managers better guard against potential threats.
Cyber security 101 for small business owners
While choosing reliable software vendors is a crucial part of cyber security management, leaders in an organisation also have a key role to play in preventing security breaches.
If you’re not sure where you stand, you can always test your knowledge with a cyber security quiz. It’s essential to know where the gaps in your knowledge are to ensure you have a sound foundation for implementing a strong cyber security policy.
There are five cyber security basics every leader needs under their belt.
1. Data protection
Proactively seek out tools and processes to enhance data protection, especially when it comes to sensitive data like customer information and employee contracts. Use encryption across devices and networks.
2. The cloud
Understand the risks associated with the cloud, and choose your third-party cloud-service providers carefully. Work with your IT consultants to find ways to reduce the risks associated with using cloud services.
3. Passwords and two-step verification
Make strong passwords and two-step verification standard in all your projects. Using a generic password like your dog’s name or your favourite song for all of your accounts is a huge liability. Password software can generate strong passwords that will nullify the risk. Remember to change your passwords regularly to maintain airtight security. Likewise, two-step verification bolsters cyber security by adding an extra layer of protection to your account.
4. BYO devices
If your team members use BYO devices, develop a policy to guard against malware infection risks. Ensure that they adhere to cyber security best practices such as strong passwords, two-step verification and a comprehensive understanding of how to handle data on their personal devices.
5. Remote work
If any team members work at home or remotely, make sure they use a virtual private network to keep private data secure as it’s transferred across external networks.
How can ethical hacking help cyber security?
Ethical hacking – also known as penetration testing – is another way to keep your projects and data secure. Ethical hacking involves having a professional hacker test your network for vulnerabilities. It can make your emails, databases, VoIP, and other IT elements more secure. The movement towards the cloud along with increasing adoption of IoT are strong reasons for using ethical hacking to discover vulnerabilities.
Cyber security and social media
Social media is another point of entry for cybersecurity threats. An employee’s tweet about an upcoming conference for the team can be turned into a phishing attack through email. LinkedIn can also be mined by hackers for email addresses for phishing attacks.
Develop a detailed social media policy to guide team members. Provide guidance on how and why sharing too much work-related information can impact the organisation, and update the policy as social-media-related cyber security trends change.
Peter Nikiter is Director, Cyber Security Services at ALC Group where he is responsible for the development and implementation of ALC Group’s information security training program throughout the Asia-Pacific region and for managing ALC’s broader range of cyber security services. Peter is exceptionally well qualified for this role and brings to bear a career spanning 30 years in IT with the last 15 years focusing on information security.