Blog / News / All

29th June 2017

10 steps to cyber security

Blog

Would you leave the door to your house wide-open? If not, why leave the door to your brand and reputation at risk?

In early 2013, a colleague who runs a cyber security firm called to catch up for a coffee in London. He had just returned from developing and implementing a new cyber security system for a bank in the Democratic Republic of Congo and Ghana. As we sipped on our hot beverages he enlightened me on the growing threats of cyber-crime and explained that organisations are not doing nearly enough to implement measures to safeguard their brand and reputation.

In 2017, the complacent attitudes to cyber security haven’t changed much.

The global cost of cyber-attacks is estimated at USD $400 billion per year with some studies suggesting this could rise to $2.1 trillion by 2019. 

Countless brands have experienced security breaches.

Look at the Panama Papers, the Yahoo data breach affecting 500 million users or remember Leoni AG Chief Financial Officer in Romania who was duped into transferring €40 million to an unknown bank account. Fresh to our minds would be the recent international cyber-attack which crippled computers, halted operations at Maersk, the Mumbai container port, the Cadbury chocolate plant in Australia and the property arm of French bank BNP Paribas to name a few.

Immunity to attacks is impossible, but preparation can nip attacks in the bud.

The common cyber threats include:

  • Phishing: emails requesting security information and personal details
  • File hijacker: files are corrupted and held to ransom
  • Ad clicker: allows a criminal to direct a victim’s computer to click a specific link
  • Hacking: systems are taken over and data access is controlled
  • Distributed Denial of Service (DDOS): attacks where online platforms / services are unavailable
Cyber security incidents are indeed on the rise. The third quarter of 2016 saw more than 18 million new malware threats being detected. The UK National Crime Agency indicated that more than 50% of the crimes committed in the UK are cyber. It is imperative that organisations develop crisis management strategies to prevent attacks. Protocols, training of staff, understanding new technologies, the right IT structures are all part of setting up an efficient crisis management system. 
 
Organizations need to implement measures to tighten security by taking a proactive and preventative approach. Below, are some tips to help guide the process.
  1. Understand what cyber security is.
  2. Establish a clear and robust leadership structure: In a crisis, things can move quickly and communications and corporate decision making processes must be able to keep up.
  3. Have an internal policy: Companies should asses what their biggest threats are. Sometimes it is the employees; an employee may unknowingly click on a malicious link, insert an infected USB in a computer or set up a weak password. Train staff to understand these threats and ensure the IT department has implemented the right protection.
  4. Train your employees: Employees are the lifeline of an organization. Train them in cybersecurity and on privacy adherence on IT platforms.
  5. Speak with one unified voice: Put forward a designated spokesperson and ensure that all members of the team are prepared to direct questions from journalists to this single source.
  6. Learn how others have dealt with breaches.
  7. Legal ramifications: Organizations should understand their legal responsibilities when cyber-attacks occur. When data has been breached, it may affect your stakeholders and staff; with such breaches, organisations may be subject to different legal requirements and timelines.
  8. Have a crisis communications handbook: This is essential and will work as a manual detailing the media storm that may ensue.
  9. Hire a cyber security expert: Investing in cyber security and hiring the right professionals is of utmost importance. By doing this you will be able to identify where your organisation’s security is failing and how to fix it.
  10. Implement and activate your plan: The effectiveness of your plan should be tested in a simulated exercise. If you wait for a crisis to test it, it may be too late. So get going and try your plan out to see if you have the right formula for dealing with a crisis.
Cyber security challenges will continue to grow as hackers find new ways of breaking down security firewalls. Companies need to ensure they are staying ahead of the game by implementing the right systems to mitigate such threats.
If time is taken to learn and understand how such incidents can occur, then an organisation can invest in its people, implement the right procedures and develop a crisis response strategy to safeguard against future attacks.
 
“It takes 20 years to build a reputation and five minutes to ruin it." – Warren Buffet
Crisis Response Manager
T: +44 (0)20 3326 8468

News Archive

Share this page