Did you know? Yahoo, Google, eBay and AOL, some of the world's largest organisations, have
all fallen victim to cyber-attacks and "lost" their customer details.
The Institute of Risk Management states that:
Cyber Risk means any risk of financial loss, disruption or damage to the reputation of
an organisation from some sort of failure of its information technology systems.
Don't worry though, just by implementing some good habits you can avoid becoming a victim.
- Protect data that leaves your organisation with your staff.
Most organisations, large or small, have staff who work from home or out in the field, so it is
important to train them well and protect them from cyber-risk. Apply a baseline of security to all IT
and mobile devices to protect data with passwords, and create a specific policy in your
handbook for mobile workers to adhere to. Complement this with staff training and refreshers
to keep standards high.
- Train your staff.
Not just mobile workers but office-based staff need training to help protect your IT network.
Even the largest organisations can suffer from viruses or malware, as these are being written and
used by cyber criminals just as fast as antivirus software is updated. Ensure that even
the most junior member of staff is aware of the virus threat; after all, they are most likely
the ones who would naively open a suspect email attachment.
- Create a back-up plan.
Inevitably there will be a breach at some time within your organisation, so make sure you have
a manager or team in charge of handling it as quickly as possible. Get them specialist
training to produce a disaster recovery plan, and make sure it includes reporting the incident
to the Police.
- Develop a robust Information Risk Management Regime.
Ensure that cyber-risk is part of your overall risk management system and produce supporting
risk management policies.
- Control & manage access to confidential data.
The fewer people who have access to data, the lower the risk of it being unintentionally
disclosed. Create a hierarchical password structure that limits user privileges, and build in
second-user authorisation practices to maintain this. Try and keep ADMIN level users to a
- Control usage and scan USB, card and other flash drives or mobile media.
Produce a policy to control your staff's usage of mobile media storage and limit its types
and use. Scan all media for malware before importing anything onto the corporate system.
- Keep on monitoring your security measures.
Create a schedule to analyse your IT systems and networks for unusual activity that could
indicate an attack. Make this someone's role, and implement a monitoring strategy and
policies for when they are on leave so the schedule can be maintained by another member of
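As an added example of what a scheduled check for "unusual activity" can look like (not code from the original page), the Python below runs over a handful of constructed authentication log lines and flags two common signs of trouble: a burst of failed logins from one source, and a successful login outside working hours. The log format, the thresholds and the working-hours window are assumptions chosen for the example; a real schedule would point this at the organisation's own logs and tune the thresholds.

```python
"""Added example: a scheduled check over authentication log lines that flags
unusual activity.  Not code from the original page; the log format, sample
lines, thresholds and working hours are all constructed/assumed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in an assumed "timestamp user result source" format.
SAMPLE_LOG = """\
2024-03-04T09:01:10 alice OK 10.0.0.5
2024-03-04T09:02:30 bob FAIL 203.0.113.7
2024-03-04T09:02:31 bob FAIL 203.0.113.7
2024-03-04T09:02:32 bob FAIL 203.0.113.7
2024-03-04T09:02:33 bob FAIL 203.0.113.7
2024-03-04T09:02:34 bob FAIL 203.0.113.7
2024-03-04T09:02:35 bob FAIL 203.0.113.7
2024-03-04T23:45:00 carol OK 198.51.100.9
2024-03-04T10:15:00 dave FAIL 10.0.0.8
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (OK|FAIL) (\S+)$")
FAIL_THRESHOLD = 5          # failures from one source inside the window (assumed)
WINDOW_SECONDS = 60         # sliding window length (assumed)
WORK_HOURS = range(8, 19)   # 08:00-18:59 treated as normal hours (assumed)


def parse(log_text):
    """Turn log text into (timestamp, user, result, source) tuples, skipping
    malformed lines rather than crashing the scheduled job."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, result, src = m.groups()
        events.append((datetime.fromisoformat(ts), user, result, src))
    return events


def failed_login_bursts(events):
    """Sources with >= FAIL_THRESHOLD failures inside any WINDOW_SECONDS span."""
    by_src = defaultdict(list)
    for ts, _, result, src in events:
        if result == "FAIL":
            by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside WINDOW_SECONDS.
            while (times[end] - times[start]).total_seconds() > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                flagged.add(src)
                break
    return sorted(flagged)


def out_of_hours_logins(events):
    """Users who logged in successfully outside WORK_HOURS."""
    return sorted({u for ts, u, r, _ in events if r == "OK" and ts.hour not in WORK_HOURS})


def run_check(log_text):
    """The job a schedule would run; returns findings for review."""
    events = parse(log_text)
    return {"bursts": failed_login_bursts(events),
            "out_of_hours": out_of_hours_logins(events)}


if __name__ == "__main__":
    print(run_check(SAMPLE_LOG))
    # {'bursts': ['203.0.113.7'], 'out_of_hours': ['carol']}
```

Because the findings are returned rather than only printed, the same function can feed a ticket, an email to the person on duty, or a dashboard, which is what makes the check maintainable when the usual owner is on leave.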
- Keep Secure Configurations.
Build into your schedule the continuous application of security patches, making sure all your
existing PCs and devices are updated as well as newly introduced hardware. Use an asset log
to help with this procedure.
- Keep scanning for Malware.
Establish anti-malware defences that are relevant to all your business functions and keep
scanning for malware across the organisation.
- Maintain high standards of Network Security.
Use firewalls and specialist hardware to keep your network's perimeter robust, filtering out
unauthorised access and malicious content. Monitor and test these security controls
Get Started Today...
These 10 steps will help prevent attacks but of course cannot ensure protection against all
attackers. You will need to tailor them to suit your organisation and the environment it
operates in. In terms of both hardware and staff, it is vital to identify threats, manage risks,
create anti-cyber-crime policies, and uphold and update them regularly.
Having even the most basic system security in place can prevent a large number of
cyber-attacks, but this won't stop them all. The technology that protects against cyber risks also
needs to be managed. It is important to recognise what the company's most valuable assets are,
such as confidential information and intellectual property. Identify any risks to the company's
information assets, such as the people who have access to the information and the type of people
who might want to target that information from the outside. Always plan for the worst-case
scenario, so that if a cyber-attack occurs the company can recover quickly and effectively, assess
how and why the attack occurred, and prevent it happening in the future.
Insurance is always important in the event of a cyber-attack and can help cover the
costs, but insurance can't protect you from a damaged reputation. Having the technology in place
to protect you from a cyber-attack in the first place is very important, but cyber risks aren't
just a concern for the IT department: organisational and human factors are just as important, and
educating staff in the correct procedures and potential risks can be highly effective in
preventing an internal breach of security.