The fact that it’s hard to determine ROI on cyber security initiatives often leads to companies procrastinating when it comes to implementing a comprehensive Cyber Security Plan. But with the prevalence of data and the rise of cyber-attacks no company can afford to delay anymore.
What is cyber security?
Simply put, cyber security is the practice of protecting your network and your data. Much like you would protect your home and the contents within.
Why is it important?
Data protection has been brought into sharp focus for many with the implementation of POPI this year, but if compliance with this legislation is still your main driver of your data protection strategy, consider the effect on your business of these top 5 negative consequences of a cyber-attack that have been identified globally:
- Customer distrust and turnover
- Lost IP
- Disruption due to downtime or damages to critical infrastructure
- Recovery costs
- Lost revenue
According to a recent report by Interpol, the African Cyberthreat Assessment Report 2021, South Africa alone had 230 million cyber threats detected between January 2020 and February 2021, with the exploitation of these vulnerabilities estimated to cost SA businesses more than R2 billion a year.
Topping the list of threats in Africa were:
- Online scams
- Digital extortion
- Business email compromise
Are you the weakest link?
Most cyber-attacks are caused by human error, whether we open compromising e-mails, browse unsecured websites, fall for scams, or have weak passwords. Humans just are soft targets – even more so as we navigate the reality of hybrid or remote working, and return to work travel.
Some of the riskiest employee practices often quoted, and many of which you’ll unfortunately recognise, are:
- Accessing the internet via unsecured wireless networks – often people opt for ‘free and available’ before considering security
- Not deleting unnecessary confidential information from computers
- Sharing passwords or other authentication methods with others – especially when it’s convenient or when asked to by a colleague or ‘boss’
- Using the same username and password for different websites and/or online accounts
- Using generic USB drives that have not been properly encrypted to store or transfer confidential information
- Leaving computers unattended or not using privacy screens when outside the workplace
- Carrying unnecessary sensitive information on laptops when travelling
- Using personally owned mobile devices to access your business network
- Failing to notify companies after losing USB drives or personal devices like your phone that contain confidential data
Are you training your staff?
Hardly any of the above is intentional – like life, they just happen. This is where staff training can be useful to ensure that your team members understand what the threats look like, how easy it is to fall prey to them and their role in mitigating them. Also important is that your staff understand the consequences of their actions.
Training in not enough on its own though – ensure that your company fosters a culture of security awareness.
Do you understand your threat landscape?
In a rapidly advancing landscape, it’s hard to know where all future attacks will come from, but prior knowledge of possible dangers or problems gives one a tactical advantage and with the right tools, you can begin to understand where your biggest threats are coming from and protect yourself from future attacks.
Ensure you understand:
- What threats your company has experienced in the past
- What threats are prevalent in your industry or are being experienced by your competitors
- New security trends and threats
Do you have a plan in place?
While prevention is always better than cure, it’s only one part of the plan. Knowing how you’re going to respond to an attack when it does happen is equally important.
Consider the following points as a starting point to drafting your Cyber Security Plan:
- Risk Analysis – review current security measures and identify gaps
- Policies and Procedures – a comprehensive plan with clear instructions for everyone to respond to an incident
- Educate and adopt – staff training and adoption as part of company culture
- Validate – if you’re not already working with an outsource partner, find someone to review and test your thinking
- Enforce – consequences for actions
How can we help?
Business Technology offers our clients IT security risk and compliance audit services as well as the implementation of security plans including:
- Multi-Factor Authentication
- Software Patch Management
- Incident Response Plan
- Cyber Security Training
- Industry knowledge and general awareness of the current cyber security landscape
For more information on our business, team and services please visit www.businesstechnology.co.za
Doing business better. Together.