Cybersecurity and its importance within business strategy has long been a topic of discussion within the corporate world. And no matter the size or sector in which an organisation operates, being as protected as possible from online criminals should be high on the agenda.
Here, Mike Dunleavy, client director at IT services firm, Central, shares his top five tips on how companies can manage – and enhance – their cybersecurity, as they look ahead and beyond the pandemic.
Cybersecurity and the pandemic
The cybersecurity space continues to evolve at pace – with new threats and tactics emerging daily. And the methods hackers are using to intercept data and access businesses’ systems are becoming increasingly sophisticated, as they try to find ways to outfox the protection offered by existing security software.
The truth is, a cyberattack can happen to any organisation. Gov.uk reports that four in 10 businesses (39%) and a quarter of charities (26%) have reported a cybersecurity breach or attack in the last 12 months. It also found that these percentages are higher among medium (65%) and large (64%) businesses, and high-income charities (51%).
These figures are hard-hitting, and what’s equally concerning is that a quarter of these organisations report experiencing them at least once per week.
In another report, it was also revealed that respondents believed their company had become more vulnerable to cyberattacks since the onset of Covid-19. In reality, when the world transitioned from the office to working from home, this naturally saw an increase in the success of cyber criminals’ tactics – with a record number of coronavirus-related phishing emails, more than 18 million in fact, being sent per day.
As businesses continue to operate either fully remote and hybrid working models, it’s never been a more important time for enterprises to make sure their cyber defences are up to date and doing their job properly. Otherwise, it can inflict serious security, reputational, and financial damage on a business.
- Get the foundations right
The first step in ensuring a firm is as protected as it can be against any lurking cyber threats is to stand back and get the basics right. After all, positive changes can only be made if it’s clear what the starting point looks like.
In truth, there’s no ‘one-size-fits-all’ approach to IT security, so it’s crucial to take a breath and not feel compelled to compare one firm with another, and go out and buy all the ‘latest’ technology, thinking that will prevent and solve all problems. It really won’t.
Taking stock of IT infrastructure and auditing which cybersecurity software, firewalls, artificial intelligence tools, and policies are in place is the springboard to truly getting where business leaders want to be.
This will not only save organisations lots of money – by not purchasing equipment they don’t need – but it helps them to get a clearer picture of where they’re beginning and where they want to be.
- Learn from past mistakes
If a company has experienced a cyberattack in the past, it’s important not to simply brush it under the carpet – recognising it and using it to learn from is crucial is helping to prevent history from repeating itself.
Whether an employee clicked on a phishing email, or a network was infected by a virus, knowing how and where the incident originated is key to identifying areas that need attention. Once that’s determined, this is when companies’ in-house IT teams and/or managed IT service providers can work together to assess suitable products that will mitigate any future attacks.
By ignoring any incidents that happened previously, businesses are overlooking a key learning resource.
- Promote cybersecurity awareness
It may – or may not – come as a surprise but human error accounts for a great proportion of data breaches.
And successful cybersecurity needs a collective effort from everyone across an organisation – no matter their job title, daily duties, or whether they’re office-based or remote. The entire workforce has a responsibility to keep the business safe from online criminals, but they can only do this if awareness and training are made routinely available.
Knowing about the security programs that are in place across the business, along with some of the most common threats – and how to spot them – can go a long way in helping staff to feel more in tune and comfortable in knowing what to do if they think they’ve come across an issue.
Hosting virtual, interactive, and bitesize cybersecurity sessions, for example, could help personnel to recognise the tell-tale phishing email signs, and be aware of the most common ways bad actors try to gain access to systems and sensitive data. Without shining the spotlight on these issues, workforces likely won’t know about them – and where cybersecurity is concerned, ignorance is anything far from bliss.
- Don’t get complacent
Linked with the point above, even if organisations feel their staff are ‘bought in’ to the cybersecurity tools they implement, it’s super important that they don’t rest on their laurels.
Regular ‘penetration testing’ – effectively, a simulated cyberattack – is an effective way to determine exactly how personnel would approach a real-life incident.
Everyone makes mistakes, that much is true, but when it comes to cybersecurity, organisations can’t afford to slip up. That’s why ‘ethical hacking’, as it’s often referred to, is a useful tool that helps to uncover where potential internal or external vulnerabilities are within the system – before cybercriminals get there first.
There’s no need to panic though. These tests mimic the real thing but don’t cause any damage. Conducting them frequently helps to keep everyone alert, ensures a business’s current security strategy is working, and identifies any flaws in software, hardware, endpoints, or servers etc.
- Keep systems up to date
Another potential access point for online criminals can be opened up if security patches, policies, or software and hardware updates are ignored.
And at a time when hybrid working models are more popular than ever, it’s easy for security upgrades on remote workers’ laptops or smartphones, to be missed. That’s why it’s vital that all organisations have a robust mobile device management policy in place – making sure that all company equipment is updated at the same time, no matter its location.
Again, this is also linked very closely with staff awareness. They may see a pop-up about installing a new version of cybersecurity software or operating system, and if they always click ‘remind me later’, this can prove detrimental. Knowing that these updates contain essential bug fixes and security enhancements should hopefully make employees more clued-up on what it could mean if they don’t install them.
In reality, while these are five fundamental ways companies can get ahead of the cybersecurity curve in a post-pandemic world, every individual business – from its tech infrastructure to wider corporate objectives – is different. And this means the risk of being cyber-attacked varies too.
But by going back to basics and assessing what cybersecurity measures a firm has in place, this will equip teams with the tools to make informed, evidence-based decisions that will help the enterprise grow and reach its goals. And, ultimately, it’s the role of an IT partner – whether in house or outsourced – to ensure any gaps are plugged and the right solution is in place to facilitate this.