02 Nov 2018
2 Crucial Cyber Security Updates That Your Company Can't Ignore Anymore
Cyber security never stands still. While some basic components stay the same, like passwords, firewalls, and VPNs, the devil is in the details. For example, passwords need to become more complex to withstand smarter programs. Antimalware programs need to block a growing library of malicious code, and old code never completely disappears.
That means your cyber security plan needs to be two-fold:
- Strengthen standard protections. No matter what cyber attack steals the spotlight in the news, new threats aren't the only threats. Build up your network and your defences against both human error and old bots still roving the Internet.
- Anticipate new threats. With the rise of AI and the growing importance of data, the nature of online attacks is always changing. Be prepared for completely new attacks and the technology that can beat out last year's cyber defences.
When you're drawing up your cyber security plan for 2019, make sure both of these tenets are observed. It's hard to persuade your managers or the board to apportion part of the budget for threats they haven't heard of, but it's part of being proactive. It can be just as hard to sell them on maintaining the basics, but an eroding cyber security foundation will always fall apart. Automating your patches and getting stronger firmware are clearly beneficial. Beyond those, focus on these two areas that usually go ignored:
1. Get better employee training.
Your company's employees shouldn't be the first line of defence when it comes to cyber security. But even the most artificially intelligent and automated antimalware programs will let threats slip through the cracks. So your co-workers — in every department — need to be ready to stop them. Employee training should focus on these three key areas:
Don't get fooled by phishers.
As software tools get better, malicious actors are going to keep focusing on the easier target: the human element. So make sure your employees are trained to recognise the elements of a phishing scheme. Any email that creates undue urgency (whether positive or negative) needs to be examined. Employees also need to have a crystal-clear list of what information about the company they can disclose over email or on the phone.
Have a clear reporting policy.
Things are going to go wrong. An employee might accidentally download an .exe file that shouldn't be in the system, or your email program might have let a phishing email through. When employees don't know what to do about it, their default response will be to ignore it and hope for the best.
Don't let that happen. Have clear, easy policies so employees can report both bugs and suspicious activity. Just as importantly, make sure the policies don't apportion blame. While some vulnerabilities will be caused by employees browsing the web when they shouldn't, it's much better to have the problem reported and solved.
2. Gauge your hardware and network infrastructure.
If your company has grown over the past couple of years, that's good news. The bad news is that your company's network tools probably haven't grown alongside that boost in hiring. That means more and more employees are trying to squeeze the most out of older network hardware that wasn't meant to cover so many people. Not only are outages bad for business, they make your company vulnerable. Outages also increase everyone's frustration, which means people will start taking security shortcuts.
Company growth also skews the technology budget. Instead of updating older computers or buying a backup server, your company may have been buying more laptops and company phones. So go back to the basics and audit the existing tools to see if they're sufficient. While strengthening your company's foundation isn't as attractive as "growth," it needs to be a standard security measure.
Contact our team today for more tips to end 2018 with stronger cyber security.