In business, cyber attacks conducted by cybercriminals are a clear and present danger to a company's continued smooth functioning. It is estimated that the average cost of a successful cyber attack on a firm is $200,000 when it results in a data breach. On top of the financial cost of a successful attack comes the loss of business reputation, brand image, and trust from the customer base. No business is ever 100% protected from acts of cybercrime, and such attacks can affect organizations of any size and in any sector of business and commerce. Thankfully, all businesses can take significant steps to reduce the likelihood of a cyber attack and the damage that it can cause. This article explores in detail three key ways in which any firm can improve its cyber security.
Comprehensive Staff Training
Staff at all levels of an organization should be aware of cyber security issues and understand the steps needed to minimize the risk of attacks. This knowledge should not be confined to IT and data security teams, because a cyber attack can be directed at any staff member who operates IT equipment on the company network. There is a need for regular staff training programs (ideally conducted on an annual basis as part of a comprehensive suite of mandatory training programs) that raise awareness of the methods that cybercriminals use and of what action to take when an attack is suspected. Senior staff members should also have access to suitable training programs, such as cyber security training for executives. By rolling out a training program for all levels of staff, the organization will be able to reduce the likelihood of a successful cyber attack and minimize any weak points due to a lack of staff awareness.
Insist on Strong Passwords
Most people recognize the value of using strong passwords when logging onto any system, whether at work or in their personal lives. Strong passwords that contain a mix of lower and upper case characters, along with numbers and symbols, are far harder to crack than simple, memorable words. A recent study found that almost 20% of passwords that are used in a business context are considered to be weak. Weak passwords can provide an easy route into a company's IT infrastructure for hackers with only a moderate amount of knowledge of the subject. As such, all organizations should insist that employees use strong passwords for all business applications and that those passwords are changed regularly.
Create an IT Risk Register
An effective way to give a business a thorough understanding of its levels of vulnerability to cyber attacks is to create a comprehensive IT risk register. This should include all known risks that are posed to IT infrastructure and the effects on the business should that infrastructure be compromised. Risk registers commonly use a likelihood and consequence matrix to gain a clear picture of the relative risks that are posed to an organization, and this method of evaluating risks can easily be transferred to IT infrastructures. An IT risk register should be developed by senior IT staff and needs to be regularly monitored and updated when new risks are identified. Remedial action can then be taken to counter known risks and, therefore, protect the organization more effectively from cyber attacks.
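The likelihood and consequence matrix described above can be kept as a small scored register. The sketch below is an added example, not part of the original article; the 5-point scales, the band thresholds, the 90-day review interval, and the sample entries are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed: 5-point scales and these thresholds on likelihood x consequence.
BANDS = [(15, "high"), (8, "medium"), (1, "low")]

@dataclass
class Risk:
    name: str
    likelihood: int      # 1 (rare) .. 5 (almost certain)
    consequence: int     # 1 (negligible) .. 5 (severe)
    owner: str
    last_reviewed: date
    remediation: str = ""  # remedial action recorded against the risk

    def __post_init__(self):
        for field in ("likelihood", "consequence"):
            if not 1 <= getattr(self, field) <= 5:
                raise ValueError(f"{self.name}: {field} must be 1-5")

    @property
    def score(self) -> int:
        return self.likelihood * self.consequence

    @property
    def band(self) -> str:
        return next(label for floor, label in BANDS if self.score >= floor)

def prioritise(register):
    """Highest score first; ties broken by consequence."""
    return sorted(register, key=lambda r: (r.score, r.consequence), reverse=True)

def overdue(register, today, max_age_days=90):
    """Entries not reviewed within the assumed review interval."""
    return [r for r in register if (today - r.last_reviewed).days > max_age_days]

def untreated(register):
    """High-band risks with no remedial action recorded."""
    return [r for r in register if r.band == "high" and not r.remediation]

# Constructed sample entries, not taken from any real register.
REGISTER = [
    Risk("Phishing leads to credential theft", 4, 4, "IT security lead", date(2024, 1, 10), "Annual staff training"),
    Risk("Weak passwords on business applications", 3, 4, "IT manager", date(2023, 9, 1)),
    Risk("Ransomware on file server", 3, 5, "IT manager", date(2024, 2, 1)),
    Risk("Lost unencrypted laptop", 2, 3, "Service desk", date(2023, 6, 15), "Disk encryption"),
]
if __name__ == "__main__":
    print("\n".join(f"{r.score:>2} {r.band:<6} {r.name}" for r in prioritise(REGISTER)))
```

Running `overdue` and `untreated` at each review meeting gives the register owners a short list of entries that need attention, rather than relying on someone rereading the whole register.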