Cyber security too complex to be bothered? 

Many of us don’t like to hear about cyber security, and I understand that! This topic may seem too technical, complex or even boring. This may also result from personal beliefs such as: 

– I have antivirus software on my computer, so my data is safe  

– cyber attacks happen only to large organisations, which we hear about in the media… 

Some of us, on the other hand, are terrified and take cyber security seriously, but I’m afraid not seriously enough! Why? Because having antivirus, cloud storage or backup is not enough. Having multi-factor authentication for all users or using VPN connections to access your files is a good start, but it’s not enough, not anymore!

Cyber security should be your priority  

Cyber security should be a priority for every company, regardless of its size or industry, and should apply to everyone, not just to directors and senior managers, as the statistics show.  

Cyber security should be really important to employees because 90% of cyber attacks occur due to human error. Offering employee training would therefore be very useful for companies (…and our households too – personal data security should also be your priority!) 

96% of businesses in the UK have at least one of these elements:  

  • online bank account  
  • social media account or pages  
  • personal information about customers held electronically  
  • network-connected devices  
  • ability for customers to order or pay online  

Computers, smartphones and email are tools without which it is impossible to run a successful business these days.

Today’s environment proves that technology, cyber security, compliance and governance cannot exist separately and must be taken seriously.  

Cyber Environment  

Cyber security breaches are a serious threat. 4 out of 10 companies have reported a cyber security breach or attack in the last 12 months, and phishing is considered the most common threat vector (83%), which results in serious damage such as:

  • Loss of money, data or other assets  
  • 35% of companies suffer from wider business disruptions  

It is also a common threat: 49% of businesses admitted that it happens once a month or more often. About a quarter admitted that they experience breaches or attacks at least once a week.

Isn’t this a reason to take additional steps?  

You MUST: 

  1. Deploy security and user monitoring tools  
  1. Have up-to-date malware protection and configure firewalls 
  1. Use computers with current versions of the Windows operating system, as older versions pose a significant security risk 
  1. Be proactive and adapt to changing laws and regulations on an ongoing basis, and ensure that appropriate safeguards are put in place. These must become part of the organisational culture and work culture in general  
  1. Inform your team about the actions taken  
  1. Offer training and updates, and conduct spam phishing exercises  
  1. Change your approach to cyber security: 

– manage risk and carry out technical controls  

– have insurance in place (cyber insurance)  

– raise employee awareness and your own (cyber security awareness training)  

– change the approach and policy in the field of management (Policy and Procedures) based on business goals and possibilities. The documentation should cover working from home/remote work, software as a service (SaaS) and the use of personal devices for work (BYOD).

Talk to the experts  

Get advice from the experts on how to maintain compliance and governance and what steps to take to minimise the risk associated with cyber attacks and their negative effects. (Just in case you have not realised, we are the experts!) 

If you have additional questions regarding cybersecurity, employee training, risk assessment/management, compliance, governance or business documentation, I invite you to contact me. 

Kamila