By Stew Hogg, founder of the Cyber Resilience team at Waterstons, a NEBRC Trusted Partner
With regular alarmist headlines describing state-sponsored hackers, teenagers in their bedrooms bringing large corporations to their knees, and even the devices in your home being compromised to launch attacks on a global scale, effectively securing your business can seem like an impossible goal. Businesses are being told it could be them next, but with so much scaremongering, it is hard to know what steps to take first.
At Waterstons we believe that every organisation, whether large or small, can take simple steps to greatly improve its security defences by engaging its employees, implementing a number of basic security controls, and making cyber security part of their everyday culture.
So, where exactly do you start?
1. Get the basics right
A large proportion of attacks could be prevented if basic security measures were put in place. Cyber criminals are constantly scanning the internet for easy targets with known security vulnerabilities.
Your business can protect against these entry-level attacks by implementing the basic steps outlined within the government-backed, industry-supported ‘Cyber Essentials’ scheme. By focussing on the key defences outlined in the standard, from firewall security to anti-malware protection, an organisation can dramatically reduce the risk of a security incident.
2. Engage your people
For a long time, people have been viewed as the weakest link when it comes to security; however, we are strong believers that your staff can become your greatest asset through engagement, education, and empowerment.
By working collaboratively with colleagues from across the organisation you can more effectively identify key risks, and together find pragmatic solutions that optimise security without inhibiting day-to-day activity. Through engagement and education at this level, staff are more likely to adopt and improve secure working practices rather than circumvent them.
3. Establish a Cyber Resilience Culture
Once you have addressed the technical gaps and equipped your people, you can start making cyber resilience part of your everyday culture. We find that when organisations treat security as a one-off project, they make quick progress, but inevitably the project ends, resources are diverted, and ground is lost in the fight against the cyber criminals. The answer: make cyber security part of “business as usual” for your organisation.
A great way to make this a reality is by borrowing from best practice standards such as ISO 27001. This allows you to shift from a reactive to proactive approach by ensuring new risks are assessed as they emerge and are mitigated appropriately.
Beginning this journey can seem daunting, but it doesn’t have to. Filter out the noise of security products that promise the world and if you need help, choose a reliable trusted partner to help implement a cyber strategy tailored to your business.
Start with these three key steps, and you will have made significant progress on the journey to cyber-securing your business.
For further information on Waterstons visit: www.waterstons.com