It’s one of the things businesses fear the most yet somehow tend to do the least to prevent. No, we’re not talking about competitors, we’re on about cyber attacks. According to the tech geeks, an imminent cyber attack on your business is an incident just waiting to happen.
If you comb through the pages of any broadsheet newspaper (or tabloid for that matter), you’ll no doubt have read about the possible causes, motivations and methods of the TalkTalk data security breach that has compromised the personal information of 1.2 million customers – giving the telecoms industry more than a little Halloween fright.
Whilst newspaper column inches and internet forums are full of discussions about how TalkTalk’s customer information wasn’t encrypted, these chats may well have missed a trick. Although important, encryption is only one part of any comprehensive data security plan.
Cyber security starts with your staff (all of them)
Your business can only ever handle a security breach that it knows about.
But according to a study by cybersecurity firm FireEye, it takes an average of 205 days for a company to pick up on a data breach (and fewer than a third of companies do so through their own resources).
One way your business can shorten the time it takes to detect a data breach and reduce overall losses is to make all your staff fully paid-up members of the cyber security team. In a nutshell, everyone from the cleaners to the Chief Information Security Officer should make it their business to know everything there is to know about operational security.
The days of information security being the exclusive domain of the IT department belong to a bygone era. For your business to stand a chance against the onslaught of data hacks, cyber security must become a cultural staple of your business. This will mean it affects the following aspects of your company:
- Time management
- Preparation (to prevent a breach and have a crisis response plan in place)
Here are four things to remember when you’re trying to create a culture of cyber security.
1. Cyber security is about more than avoiding dodgy websites during work hours
Send out the message – loud and clear – that being ‘safe’ on staff computers isn’t just about steering clear of websites that your mother wouldn’t approve of.
2. Cyber security is just as important as physical security
Spend the same amount of time talking about cyber security as you do harping on about the physical security of your office building after hours and all will be well.
3. Cyber security calls for good ‘housekeeping’
Teach all your staff good cyber ‘housekeeping’ – for example:
- Don’t click on links to unknown sources in emails
- Don’t keep passwords in an open digital or physical medium
4. Cyber security should have limited administrators
Limiting the administrative capacity of ordinary users isn’t the kind of task you set aside for a half-hour lunch break, but it’s super important in terms of managing risk.
Four cyber security faux pas
With cyber security culture all but embedded in your business, here are four potentially harmful scenarios that you should keep your eyes peeled for.
1. ‘Shy’ social media staff
We all know them. Staff who spend more time posting ‘selfies’ on Facebook than doing anything that even vaguely resembles paid work.
If one of these staff members inadvertently leaves their account on public display, revealing their full name and date of birth, that’s all a cyber predator needs to potentially get hold of other crucial info to hack into your firm’s business and personal accounts.
2. Public WiFi accounts
These seemingly respectable ‘shadow’ WiFi accounts pop up in public places, like airports, hotels and conference halls, and jump on mobile devices which are set to connect to the nearest open network.
Business travellers often get taken in by their veneer of respectability and unwittingly expose company information lying dormant on their iPhone, iPad or laptop.
3. Unprotected passwords
It may be hard to believe, but many people still write down their passwords inside notebooks or in unencrypted files on their laptop or mobile device. This is a hacker’s paradise.
4. Unrecognised links
A single click on a link emailed by a stranger could see malware infect your firm’s entire network.
Just because the so-called ‘big’ firms get slammed with data breaches doesn’t mean that the task of protecting your business from a data breach is insurmountable. The truth is, security patch programs, crisis recovery policies, threat management system deployment and, above all, cultural cyber security can give cyber criminals a run for their money.