There are some situations we face where it is right to be reactive rather than proactive, but your organisation’s cyber security isn’t one of them.
Cyber security is a real and present threat to all companies who have any kind of email and web infrastructure. There are lots of stories in the press about systems being hacked, money moved and client data compromised.
However, making knee-jerk decisions in the short term can lead to problems further down the line.
Even Bill Burr, the man behind the current complicated password protocols, reportedly believes he got it wrong. By creating such complex requirements, he inadvertently pushed users to create very basic password such as “password” itself.
Companies need to remember that while technology has brought huge commercial benefits and opened up routes to previously inaccessible markets, it also moves on and changes seemingly every day. Cyber security policies and strategies needs to reflect this, and they must be flexible enough to move with technology over the longer term.
An organisation’s long-term cyber strategy needs to be driven from the board down. Ultimately, any cyber security issue will impact the company’s reputation and share price, and it could even threaten a business’s entire existence in extreme cases.
The National Cyber Security Centre provides guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security.
Rigid risk management regime
At the heart of an organisation’s cyber security strategy should be a rigorous risk management regime that constantly evaluates what the risks are, where they are likely to come from, and how best to prevent them.
Part of that regime should be regular file integrity monitoring, which can be provided by companies such as https://www.promisec.com/file-integrity-monitoring-software/. This process involves checking the integrity of your operating systems and application files against a known standard.
People tend to think of the actual technology itself when they think of cyber security, but it is also important to remember that your employees play a huge role, too. Part of any risk management regime must be a structured and ongoing training and development programme in addition to meticulous monitoring of employees’ online activity.
The internet can provide great opportunities to businesses if the threats are understood and well-managed.