Does your business or organisation need to get better at cybersecurity? It can feel overwhelming and be difficult to know where to start. But if you use this tried and tested seven-step approach, used by many organisations to be alert, prepared and protected against cybercrime, you will get there.

Take this simple approach to cybersecurity

Remember - you’re in a race against hackers

Cyberthreats loom ever larger, and it is now more a case of when a threat will strike, rather than if. You may be aware of some of the threats that could put you at risk, such as phishing emails and viruses, but it’s important to know there will be other threats you are not yet aware of.

This awareness of what you don’t know ensures an on-guard attitude and vigilance.

Cybersecurity isn’t a one-time fix

Cybersecurity should be a strategic constant, involving everyone from the chief executive to admin staff to the person who locks your doors each night. It is a way of being, rather than something you just do: from running computer updates regularly to testing systems, to checking out new suppliers, stakeholders and partners. These should all be embedded and ongoing.

Seven-step approach to cybersecurity

Step 1: Understand what’s critical to your organisation

Ask yourself what is worth protecting, above all else. Where is it located and how do you protect it?

This isn’t just a case of business continuity; it’s also about minimising risk. Your most critical assets could be held in the cloud, on a hard drive or with a partner – identify them.

Step 2: Understand your interactions

Do you know everything you should about the people you share data with? Understand the systems you are using with clients, partners and suppliers and how information is passed between you. How viable and secure are the systems they are using? Make it your business to know and understand them.

Step 3: Assess the risks

A vulnerability audit will assess your level of business continuity and areas of risk. Penetration testing will assess internal assets, external IPs and web applications.

Our motto is ‘test it so you can fix it’.

Testing is critical to understanding levels of risk and where remedial action is needed. All testing should follow a regular protocol.

Step 4: Raise awareness

Cybersecurity is not a compliance exercise, it is a way of working – a constant awareness of threats, risks and vulnerabilities. Every member of your organisation has a role to play, engaging in training to keep up to date and refreshed in new areas of cybercrime – from how to spot a scam email, to verifying identity, to password protocol. And don’t forget the physical security of your building and assets.

Step 5: Fortify your organisation

Awareness alone will not make you impenetrable; there must be action. Most cyberattacks occur in areas of well-known weakness, which means businesses know where their weaknesses are but haven’t done anything about protecting them.

Take a risk-based rather than blanket approach. Could it be a patch-management programme that’s required? Does software development need to be more security minded? Is your access and identification process secure enough?

Whatever is needed, according to the level of risk – implement it.

Step 6: Rehearse the inevitable

Do you have a security incident procedure in place? If you do, that’s great, but have you tested it? Remember, a security breach is a ‘when’ event, not an ‘if’, so put a procedure in place and have all staff rehearse it regularly, so they are prepared for when the real thing happens.

Your security incident procedure should answer:

  • Who should you inform during and after the breach?
  • How will you contain the breach?
  • Which customers or users will you tell? How will you tell them?
  • How will you involve regulators?
  • How soon can your organisation recover its operation?

Step 7: Stay alert

Becoming a secure, vigilant and resilient organisation doesn’t happen overnight, but it can happen with this approach, embedding security-mindedness at all levels in your organisation, so that your operation can safely thrive now and into the future.
