As new enterprise technologies spread, businesses across multiple sectors are coming to terms with a growing and rapidly evolving landscape of cyber-threats.
With much of this risk associated with 'third platform' enterprise technologies such as cloud computing, mobile devices and data analytics, many businesses are having to adopt new strategies in their fight against cyber threats. So how can you ensure that your company is protected against cyber-threats in today's technology-intensive business environment?
1. Review your security policies
From email phishing scams to ransomware to malicious websites, it is important to stay updated on the latest types of cyber-threats and scams that are going around, and to train your employees in how to recognise them. An all-too-common problem is employees using the same password for all their different accounts, as it only takes one password being stolen to expose all of their data. Of course, having a strong and unique password for each account may be difficult to enforce. One way around this is to use the approach of security expert Bruce Schneier, which is to take a sentence you find particularly memorable, and condense it into a sequence of letters and numbers that is difficult to crack.
Keep in mind that your IT security strategy affects everyone in the organisation. Therefore, staff training on cyber-security needs to address both external security threats as well as internal best practices relating to data security and privacy.
2. Audit and update your systems
One of the easiest and most effective ways to stay prepared for cyber-threats is simply to ensure that your network and computing devices are kept up to date. Don't ignore security notifications and alerts being sent from your operating systems, anti-virus software, web browsers and firewalls, as waiting until later to apply them can leave your data and networks vulnerable to hacks and malware. It can also make your IT infrastructure more vulnerable to advanced persistent threats (APT), which take advantage of neglected security holes to steal data over a long period of time while remaining undetected.
A bring your own device (BYOD) policy that allows employees to bring their own laptops, tablets and smartphones to work creates significant security risks and challenges in terms of securing your corporate data. A survey commissioned by Robert Half found that while 74 percent of companies allow employees to access company data on their personal devices, only 57 percent ask employees to sign an acceptable usage policy that protects company data, and 53 percent deploy secure mobile device management technology.
Providing employees with appropriate training on personal device security, alongside technology-based solutions such as maintaining an app blacklist and encrypting company documents, can help to mitigate BYOD risks.
3. Enhance your cloud security
This risk can be reduced by encrypting your data before uploading it to the cloud, or by using a cloud service that encrypts it by default. Also ensure that you use strong cloud passwords that are changed regularly, and take advantage of two-step verification options – such as requiring an SMS code along with a password to log in at the beginning of each day.
4. Hire security experts
The escalating cost and frequency of cyber-threats has resulted in an increasing number of companies forming their own teams of cyber-security experts, in order to preemptively discover and track security problems in their IT infrastructure. Although this can be a significant expense, it's worth weighing it up against the money, frustration (and reputation) it can save you down the road. There is also the option of training up your existing IT professionals, or using the services of contract IT professionals or external consultants.
Prepare your business against cyber-threats now
Every industry sector is facing a growing cyber-security threat, with digital security company Gemalto estimating that more than 700 million data losses or thefts occurred worldwide in 2015 alone.
Rather than waiting for a cyber-attack, it's much more sensible to assume that one will happen, and plan accordingly. By having the right tools, people and training programs in place, your company will be much better prepared for the worst when it occurs.