Designing a Cyber Defence Strategy for your Firm
02 December 2022
Firms large and small are struggling to know how to manage their cyber security and what’s best to protect themselves from phishing and ransomware attacks. Some through strict compliance with GDPR are doing well, but some are unwilling to grapple with the number one cause of cyber crime; human error.
As office technology becomes the driving force behind firms of all sizes, the need to protect it from cyber attack grows. The thought of a data loss incident, phishing fraud or ransomware is unthinkable, each with the potential to do untolled damage to customer relations, and levy heavy fines. Whilst phishing remains the number one threat to firms, some of the biggest frauds succeeded with no more than a simple email instruction, without any attachments or embedded links.All you need to do is write a convincing email it seems. Cyber security breaches are never the result of something that could not have been prevented. Whilst small firms imagine they are under the radar of cyber criminals, they are not. It is because so many SMEs think this way that cyber criminals are finding them such easy targets. Now is the time for all organisations, and particularly SMEs to look at the many simple ways they can improve their security posture to ensure they comply with all current and forthcoming data protection regulations.
Data security should not be seen as a chore but as a clear demonstration that your firm is taking its data security responsibilities seriously, giving you a competitive edge over your more hesitant rivals. To survive any of these incidents takes commercial strength and managerial vigilance to deal with the IT issues, the legal obligations and customer relations consequences. Not only will this kind of approach help solve the problem more quickly, it also demonstrates that the firm took the necessary steps to defend itself and therefore more likely to recover from the possible actions by regulators and customers. Designing a cyber defence strategy for your firm requires more than just IT. IT is certainly important, but the fact is cyber criminals are avoiding most of the security hard and software traps being set for them and going for the humans, who continue to be the weakest link. This lack of appreciation of the threats is a dangerous security gap that cyber criminals are successfully exploiting everyday; it needs to be plugged and quickly. Defending your firm against all the usual threats requires a smart mix of IT hard and software, management commitment, staff training, Cyber Essentials type system controls, and insurance.
A defence package like this makes your firm a far more difficult target for the cyber criminal to break into. The UK government has done a lot to create a large chunk of this with its own Cyber Essentials Certification Scheme. It is supported by industry and offers every business a simple and highly effective cyber security template. There is a self-assessment version and the Cyber Essentials Plus option, where you are independently audited. Most firms know they need to take control of their cyber security, but don’t know where to start.
A new Readiness Tool developed by Information Assurance for Small and Medium Enterprises (IASME) is the first step in the journey towards becoming Cyber Essentials certified. It is designed to support and educate, shedding light on some of the technical terms and acronyms to create a tailored pathway for firms to follow. Over 100,000 firms have now been Cyber Essentials certified. To download the question set click: https://iasme.co.uk/wp-content/uploads/2021/11/Cyber-Essentials-only-question-booklet_vEvendine.pdf Research has shown that when these Cyber Essentials techniques are applied, up to 80% of cyber attack threats are blocked. These tactics techniques and procedures (TTP) need not cost anything, requiring instead a set of administrative standards for office security, governing staff behaviour when online, cyber security policies for financial controls, password management, IT gateway configurations and the much talked about need for regular operating system patching. Alongside the Cyber Essentials Accreditation comes cyber security awareness training. Whilst classroom style training exists, the latest cyber security training, particularly for regulated industries is now online and continuous.
Managed by the HR department or Compliance, employees are set training that matches their risk level. A receptionist would be low risk but someone in accounts would be high risk. Each would use a training platform tailored to their risk status, that is user friendly, intuitive, offering an affordable way to access highly effective cyber awareness training conveniently in the office, on the job, using continuous learning programmes. In addition to cyber security training, a data security programme could examine and identify your data sources and how to protect them. At the same time your data and cyber policies will lay-down standards for how management and staff use office technology and their responsibility for identifying and reporting unusual activity. It is a simple way to lay-down the do’s and don’ts when on the Web and dealing with emails. Even with the best security software that IT budgets permit, Cyber Essentials Certification and cyber security awareness training, office networks are being penetrated. One ‘click’ of a rogue email by an employee could infect one or more workstation, allow hackers in, cause a data breach or even a cyber ransom demand. Most firms have smoke and fire alarms throughout their offices and hold regular fire drills, but they still insure the business against fire. The same should apply to your cyber risks, so even when you have taken all the steps to keep the business safe from a cyber-attack, you still need to insure against it. GDPR requires an organisation to report a cyber breach where personal data has been lost, in 72 hours. There are heavy fines and penalties for not reporting, so who are you going to call when this happens; your company solicitors, your accountants, the police, who? A cyber risks or commercial crime insurance policy is the answer. It gives you access to a 24/7 Helpline to call when you suspect a cyber attack. This will help with deciding whether personal data has actually been lost or stolen and whether to report it or not; help with contacting the firm’s clients where and when required; access to forensics; help with data restoration; help with legal expenses and help dealing with and managing possible fines and penalties. This is the single most important reason for having a cyber risks insurance policy. The features and functions of most cyber risk insurance policies offer these core covers and give you that crucial lifeline when you suspect or have had a cyber breach incident. What you least expect sometimes happens!
Other Press Releases By This Company
- 23/01/2024 - The Case for Cyber Insurance
- 23/01/2024 - Hybrid Office
- 30/11/2023 - Cloud Services - Things Worth Checking
- 04/04/2023 - Email marketing was the most used digital communication tool in 2022.
- 27/01/2023 - Cloud Services – things worth checking
- 27/01/2023 - 'Prove It'
- 02/12/2022 - Cloud Services – things worth checking
- 12/10/2022 - 'Prove It'
- 02/08/2022 - Social Media - No longer an abstract asset?
- 02/08/2022 - Grow Your Website & Online Presence
- 02/08/2022 - Tackling data overload and cybercrime
- 06/06/2022 - Using Our Smartphone Security Credentials
- 06/06/2022 - Making Home Working Work
- 06/06/2022 - Tackling Incoming Cyber Threats
- 05/05/2022 - Videos and Social Media
- 14/04/2022 - Digital Signing Conveniences
- 14/04/2022 - Zero Trust Cyber and Data Security
- 14/04/2022 - Firms Getting Serious About Cyber Security
- 14/04/2022 - Create a Bigger and Better Web Presence
- 14/04/2022 - What is Social Engineering?