Cyber security - what's your plan?

All too often businesses assume that Cyber Security means complex solutions and more importantly a huge price tag. Far too many companies will bury their heads in the sand rather than face change or the unknown.

In 2021, almost 50% of cyber breaches impacted businesses with less than 1,000 employees. Cyber attacks are not reserved for big business. Any business that stores or handles personal information is at risk. A huge percentage of companies, especially SMEs, do not have an IT strategy that is suitable for their organization.

As companies grow, often the IT infrastructure is updated based on needs on the here and now rather than long term planning. When a company is planning for growth, going through changes, looking to the future IT strategy needs to be proactive not reactive. The business needs to look at potential risks and the impact on the business – questions must be asked. What happens if the business experiences loss of data? How does the business reach to a ransom ware attack? How does the business operate without the internet?

It's not just the multi nationals that need to ask these questions, its every business. When it comes to securing your data, protecting your company from cyber-attacks, size doesn’t matter.

When drawing up the IT strategy for the business there are several things to consider.

1.      Monitor and minimize – ensure that two step authentication is in place, use VPNs when working remotely. It’s a cliché, however that does not remove that fact that it’s very true – prevention is better than cure. Think about potential entry points, look at not only the work force but how that work force is operating. The increase of remote working, BYOD and more and more services moving to web-based applications all increase potential risk. Anti-Virus Software may be on work devices but what about mobile phone, tablets and individuals using their own systems. The growth of web-based applications does bring with it the headache of multiple access points. Employees are not restricted to specific devices. It’s pointless having huge bolts on the front door if the windows are left open

2.      Updates – software companies are always improving and adapting their solutions. Updates, even small patch updates are not done for the sake of it – there is a reason for them. Even the smallest of updates can make a big difference – one international communications company lost over 150,000 personal data records simply down to ignoring software updates. Make sure that updates are done when required, rather than putting them off.

3.      Back Up – in 2021, approximately 40% of businesses were hit by ransom ware attempts. Loss of data can have a huge impact on the business. It impacts the ability for the business to operate, it can impact the businesses reputation plus the added insult of potential fines and loss of current and future clients. Backing up data allows easier recovery; it ensures that a company can’t hold your data to ransom if you have an update date back up.

4.      Education, education, education – human error accounts for most cyber security issues. The most common form of a cyber breach is via a innocent email. Fraudulent emails that look like they have come internally or from a trusted source, can lead to security breaches. On average, a cyber attack happens well after the initial breach, sitting dormant biding time. Employees need to make sure they are aware of every possible risk. The difficulty often is different levels of understanding, preaching to the converted can have a negative effect. When considering training, it’s important to consider the pupils, their knowledge base not just the lesson on how you monitor it.

The final thing to consider is your current IT support – be that in house or outsourced. Is that IT support capable of being proactive, are they aware of the plans for the business. When was the last time your IT support took a step back from the business – reviewing and auditing the business.

If you are confused, worried, concerned then pick up the phone. Find out if your business has the IT strategy in place that suits your plans. 

#cybersecurity #itsupport #business