5 Steps to Improve Your Company’s Cyber Security Posture
by Rhiannon Hughes
39% of businesses and 26% of charities in the UK reported having cyber security breaches or attacks in the last twelve months. A strong cyber security posture is essential for any business to detect and prevent intrusions, data breaches, ransomware, and the theft of intellectual property.
Poor cybersecurity practices can harm an organisations reputation, potentially ruining future business opportunities. Additionally, following the introduction of GDPR, businesses have a responsibility to protect their clients’ data. Failure to do so can result in a fine of up to €20 million or 4% of annual global turnover. Although improving your organisation’s cyber security can be a daunting task, it is a necessary one. This article will set out five positive steps you can take to begin the process.
3 Significant Cyber Security Breaches in 2021…
ACER - The Taiwanese computer giant was hit by a $50 million ransomware attack in March 2021.
COLONIAL PIPELINE - On May 7, malicious attackers compromised the network of Colonial Pipeline. Within several hours, the company paid the ransom request of 75 bitcoin or $4.4 million.
MICROSOFT EXCHANGE - Beginning in January, a global wave of cyber-attacks and data breaches began after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers.
1. Secure Remote Workers
The dramatic increase of employees working from home in 2020 led to a significant spike in cyber-attacks. The reason for this is that, in general, home networks are less secure than corporate infrastructure. Securing remote workers networks is an essential measure for protecting your business.
There are several measures you can take to help avoid a problem. Using a VPN to create a secure and encrypted tunnel between corporate infrastructure and remote workers devices is an effective step to make. It is also valuable to create stringent policies to manage file sharing, cloud services, and storage. Another proactive step is to provide tools for secure collaboration between employees. If you do not provide secure platforms for collaboration, employees will attempt to find their own.
Considering the Zoom data breach, the platform you choose is important. The simplest step to help secure your remote workers is to regularly check in with them to keep them up to date with company procedures and best practices. It can be a challenging process, but the additional vulnerabilities presented by remote working means that it pays to be proactive.
2. Phishing Simulations
In the past twelve months, 83% of businesses identified a phishing attack. It only takes one click on an email to compromise your infrastructure. Phishing attacks can be extremely costly for businesses. For example, Crelan Bank lost €70 million in a CEO fraud attack.
Phishing simulations train your staff on how to spot malicious emails. Simulations also enable you to train your staff on how to effectively respond to and report a potential phishing attack. The rise in remote working and online communication between colleagues provides new avenues for attackers to phishing emails to compromise your systems. Phishing simulations prepare your staff for a real-life incident and could save your business millions.
3. Create a Culture of Cyber Security
Employees can be your biggest weakness. Attackers count on your staff to be distracted and click on that one harmless-looking link or inadvertently provide confidential information that can help them breach your network. The best way to strengthen your organisation's security posture is to strengthen your team’s cyber security knowledge.
Make cyber security part of your culture and ensure that responsibility isn’t just left to your IT staff. Regular training is the most effective way to go about this. Rather than relying on one annual lecture, good training will be positive and fun, leaving your team with the sense that better security can happen with their help. It can be helpful to keep communication going outside of designated training time.
Brief updates and newsletters regarding interesting cyber security news and breaches create opportunities for the whole of your business to discuss cybersecurity, in addition to reminding your team of the importance of best practices. Finally, being consistent is important. Cyber security best practice should be encouraged across the whole of the organisation, including recruitment and the offboarding process.
4. Keep Your Devices Up to Date
A simple, but often overlooked, step to improving your businesses cyber security posture is to keep your operating systems and software up to date. Keeping your devices up to date ensure that you are using the latest security patches available. One of the foremost risks of an outdated system is ransomware.
Over 67% of computers affected by the 2017 WannaCry ransomware were those that had delayed updating to Windows 7 at the time. Setting up auto-updates for all operating systems, software and applications is a simple way to keep up to date. The same applies to mobile devices. It is also important to remove any unsupported or unused software from your devices.
5. Governance
Governance holds your businesses infrastructure together. Creating a cyber strategy enables you to have visibility across your infrastructure, in addition to encouraging you to create effective policies and procedures for protecting your data. There are a variety of standards that businesses all of sizes can work towards. Standards differ between countries, and some US states require compliance to additional standards.
In general, Cyber Essentials is a great first step for UK based businesses to build a strategy. CE covers the following areas: firewalls, patch management, malware protection, secure configuration, and access control. After completing CE, you could move on to achieve CEP, IASME, SOC 1 & 2, FISMA and ISO 27001.
In addition to helping your business to create a robust strategy, these standards reassure clients that you are taking every measure possible to protect their data. Moreover, most government contracts and large corporations demand compliance with at least one of these standards before agreeing on a business deal.
Sources
Cyber Security Breaches Survey 2021
Top Cyber Security Breaches that happened in 2021
The Dirty Dozen: The 12 Most Costly Phishing Attack Examples
If you want to know more about how you can improve your cyber security posture, get in touch with our specialist team at 0800 368 9397 or info@wolfberrycs.com.
Alternatively, you can use the contact form below.