10 Cyber Security Best Practices for Your Business
It’s impossible to overstate the impact that technology has made on our lives. Smartphones, the internet and the ever-increasing number of Internet of Things (IoT) devices have altered the very way we conduct business. And while we have a lot to thank technology for, increasing digitisation has also led to the rise of a new evil – cybercrime.
According to the National Crime Records Bureau, a whopping 12,187 cases of cybercrime were logged in India in 2016. This number is made even more alarming by the fact that it doesn’t include the misdemeanours that went unreported, or the grievances that were taken to IT professionals instead of law enforcement. It’s clear that what was once thought of as a problem that only affects tech companies and professionals is now a very real concern for laymen, organisations from every industry and even entire nations.
Despite this, PwC’s Global State of Information Security Survey (GSISS) 2018 found that only 39% of 9,500 C-suite executives and IT directors were confident in their venture’s ability to identify the culprit in case of a cyberattack. This makes it more important than ever for businesses to establish practices that protect them, their workforce and customers. And while no two companies are alike, here are 10 basic measures that every enterprise should take:
Put Security at the Fore
It’s no longer enough to merely put a few safeguards in place for your product or organisation, where information is concerned. The only assured way to remain safe is to build your entire brand or product on the very foundation of cyber security.
At a product level, make sure that your websites and mobile applications are secured with Transport Layer Security (TLS), the protocol that encrypts data in transit between clients and servers. At an organisational level, encourage your workforce to build and use products and/or systems in a way that reduces the likelihood of cyberattacks, ensure that the wireless internet network being used is secure, and enable multi-factor authentication wherever possible.
Incorporate Cyber Security into Your Risk Management Strategy
For any practice to become commonplace within an enterprise, it must be integrated into the risk management strategy and followed diligently by the C-suite executives. Define the parameters within which employees and the company need to function and, if necessary, put incentives and penalties into place to reinforce these practices.
Train Your Personnel to Follow Best Practices
Vigilant employees are the key to a successful business. For maximum effect, raise awareness about cyber security right from the onboarding process. Educate your team about how to identify malicious links, phishing websites and other scams that could lead to an attack. Insist on strong and unique passwords for all devices, email accounts and other systems that house confidential information, and reward those who follow the best practices.
Teach Through Experience
While explaining cyber security in theory is a good start, there’s no teacher quite like experience. Run regular simulations and drills, and work with an IT expert to tweak them to be relevant to your business and employees. This will give you a comprehensive understanding of where your brand stands, helping you decide what safeguards need to be put in place.
Know Your Data
It’s easy to underestimate the sheer amount of data collected by your systems on a daily basis. This could also include data that isn’t of relevance to your company, but could easily be misused if the wrong person got hold of it. Conduct a thorough analysis of all the information being logged, and stop collecting anything that isn’t required by you or mandated by the authorities. Not only will this prevent any misuse, but you can also avoid wasting the resources needed to protect redundant details.
Compartmentalise Your Data
Once you’ve understood your data and eliminated the clutter, compartmentalise existing and new information on the basis of importance and restrict access to it using OTPs, passwords and multi-factor authentication. Since bank details, credit card PINs and contact numbers are more likely to be targeted, access to them needs to be limited to fewer people than invoice numbers, which may be required by various departments in the firm.
Establish a BYOD Policy
Increased access to gadgets and connectivity has made it common for employees to work from their personal laptops and smartphones, even if it is for a brief period. And while this increases productivity and brings down the cost of procuring systems, it also poses a whole new set of challenges. This makes it absolutely essential for an organisation to lay down a ‘bring your own device’ (BYOD) policy, which insists on basic security practices like regular back-ups, password protection, and updated anti-spyware and antivirus software, to name a few.
Devise a Contingency Plan
It’s unfortunate, but cyberattacks do take place, and it’s always better to have a clear, concise plan of action before the need arises. Devise a step-by-step plan that identifies all the key individuals who would need to step in, and their respective roles. The formation of a response team, investigation, a press statement and enlisting law enforcement are a few of the things that could be an integral part of your plan.
Don’t Underestimate Email
Email has revolutionised the way we communicate with each other, but it has also become the gateway for a significant number of attacks. It’s not uncommon for employees to fall for phishing scams, which have consequences for the entire company. Invest in good email filtering software, which eliminates suspicious emails from your employees’ inboxes. Brands have also found success with programs that block any links or attachments in emails from unknown domains. Educating your team about the dangers of sharing confidential information with unknown senders and encouraging them to be vigilant about reporting anything that slips through the cracks will also go a long way.
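The unknown-domain rule described above can be sketched in a few lines of Python. This is an added example, not code from the original article or from any filtering product; the allow-list, the sample message and the `screen` function are constructed assumptions, and only plain-text bodies are handled.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: domains the business already corresponds with (constructed values).
KNOWN_DOMAINS = {"example.com", "partner.example"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample: one link and one attachment from an unfamiliar domain.
SAMPLE = """\
From: Accounts <billing@unknown-vendor.test>
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Please review http://unknown-vendor.test/invoice today.
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--BOUNDARY--
"""

def screen(raw):
    """Strip links and withhold attachments unless the sender domain is known.
    From can be forged; a production filter should also require SPF/DKIM/DMARC."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    known = domain in KNOWN_DOMAINS  # empty domain is never known: fail closed
    out = {"domain": domain, "known": known, "links_blocked": 0,
           "attachments_blocked": [], "body": ""}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            if not known:
                out["attachments_blocked"].append(part.get_filename() or "(unnamed)")
            continue
        if part.get_content_type() == "text/plain":
            text = part.get_content()
            if not known:
                text, n = URL_RE.subn("[link removed]", text)
                out["links_blocked"] += n
            out["body"] += text
    return out
```

Calling `screen(SAMPLE)` returns the neutralised body together with the names of the withheld attachments, which can be logged or passed to a quarantine queue for review.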
Keep Evolving
With every passing day, new software or a new device hits the market, and with it, a new threat. This is why it is not enough to devise a cybersecurity strategy and blindly follow it for years to come. Revisit the protocols that have been put into place at least once every quarter, and enlist a dedicated team to keep track of any developments in the field and ensure that you stay ahead of the curve.