July 30, 2019
Cyber security and associated vulnerabilities never seem to be out of the news. New scams, new methods of attack and new hacking techniques seem to catch even the best known and well-resourced organisations out all the time.
Your first step in the plan of action is to ensure your employees are aware of the threats they’re vulnerable to, the threats are now harder to detect than ever.
So how can you prevent falling victim to cyber attack?
This article provides actionable tips you can deploy to employees to help keep your organisation safer.
1. Make your organisation cyber security aware
Cyber security is a little like health and safety in the sense its success depends on the culture you cultivate. A carefree attitude results in accidents at work and in the world of cyber security this results in sabotaged systems and missing data. Like health and safety, this results in hefty company and personal fines and reputation damage.
Communicate clearly the threat of cyber security and continuously update your teams as to new threats as they emerge. The once a year philosophy to cyber security training is completely outmoded.
2. ‘Live Fire’ training exercises are a must
Here, your cyber security teams simulate cyber attacks on all departments in an organisation and measure results. Attacks normally take the form of phishing attacks and after the exercise is over you can gauge results.
From here you can:
- Identify the overall percentage of staff that fell for the scam
- Identify the departments that need work
- Shape cyber security awareness training to address problem areas
- Show evidence of continuous improvement in audits and the like
Arguably, this is the best way to train staff in cyber security awareness.
3. Introduce cyber security from day one
It is best practice to build cyber security into the on-boarding process. This informs your new employee that this is a shared responsibility. Educate your new staff member as to all procedures and policies relating to cyber security.
4. Make sure the C-Suite is on-board
It is vital that the C-Suite be on-board and be fully aware of potential consequences both on a company and individual basis.
Cyber security is a serious business at every level.
Reporting structures should reflect that.
5. Evaluate, Evaluate, Evaluate
In earlier posts, we discussed how using pen testers and red teams were important for testing your system. This evaluation process should intertwine with your ‘Live Fire’ exercises. It is good practice to conduct an evaluation after:
- A cyber attack
- Infrastructure or software upgrade
- New threats emerge
6. Communicate threats and developments
Communication is vital to repelling cyber security threats and keeping your organisation safe. Staff should be aware when new threats emerge and the consequences of data breaches made clear.
In addition to briefings, try and hold regular meetings or make it part of another meeting. Pass progress and incident reports along the chain of command.
7. Revise policies to include email, browsing, and mobile device rules
Ensure that policies include specific rules pertaining to email, browsing, and mobile device use. It should be clear to staff what they can and can’t do and the consequences for misuse. Your policy should be clear on what staff should do should they suspect a security breach or if a mobile device goes missing.
Try and make these rules easy to follow and understand.
8. Be up to date on password management
Password management is vitally important to cyber security. It is good practice to follow the guidelines set down by The National Cyber Security Agency. Currently, this is using the three random word principle as opposed to constant changes to a user’s password.
9. Hold regular cyber security briefings
To keep the information flow on-point hold cyber security briefings. Try and ensure this is a two-way process and that recorded feedback is acted upon. Communication lines are vital to good cyber security awareness.
It’s important to talk to a team that knows cyber security inside out. Our teams are ready to help you and advise you on important aspects of your organisation’s security. We can bring you up to speed quickly and provide policies and practices that will minimise the success rate of cyber attacks. Talk to us.
- What is the CIA Triad?
- Types of penetration test: What’s the difference?
- TOP TIPS: How to protect against social engineering
- INFOGRAPHIC: SOC team roles and responsibilities
- INFOGRAPHIC: Malware examples: What are the different types?
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.