29th June 2017
10 steps to cyber security
Would you leave the door to your house wide-open? If not, why leave the door to your brand and reputation at risk?
In early 2013, a colleague who runs a cyber security firm called to catch up for a coffee in London. He had just returned from developing and implementing a new cyber security system for a bank in the Democratic Republic of Congo and Ghana. As we sipped on our hot beverages he enlightened me on the growing threats of cyber-crime and explained that organisations are not doing nearly enough to implement measures to safeguard their brand and reputation.
In 2017, the complacent attitudes to cyber security haven’t changed much.
The global cost of cyber-attacks is estimated at US$400 billion per year, with some studies suggesting this could rise to $2.1 trillion by 2019.
Countless brands have experienced security breaches.
Look at the Panama Papers, the Yahoo data breach affecting 500 million users, or remember the Leoni AG Chief Financial Officer in Romania who was duped into transferring €40 million to an unknown bank account. Fresh in our minds is the recent international cyber-attack which crippled computers and halted operations at Maersk, the Mumbai container port, the Cadbury chocolate plant in Australia and the property arm of French bank BNP Paribas, to name a few.
Immunity to attacks is impossible, but preparation can nip attacks in the bud.
The common cyber threats include:
- Phishing: emails requesting security information and personal details
- File hijacker: files are corrupted and held to ransom
- Ad clicker: allows a criminal to direct a victim’s computer to click a specific link
- Hacking: systems are taken over and data access is controlled
- Distributed Denial of Service (DDoS): attacks that make online platforms and services unavailable

The 10 steps to cyber security:
- Understand what cyber security is.
- Establish a clear and robust leadership structure: In a crisis, things can move quickly, and communications and corporate decision-making processes must be able to keep up.
- Have an internal policy: Companies should assess what their biggest threats are. Sometimes it is the employees; an employee may unknowingly click on a malicious link, insert an infected USB in a computer or set up a weak password. Train staff to understand these threats and ensure the IT department has implemented the right protection.
- Train your employees: Employees are the lifeline of an organization. Train them in cybersecurity and on privacy adherence on IT platforms.
- Speak with one unified voice: Put forward a designated spokesperson and ensure that all members of the team are prepared to direct questions from journalists to this single source.
- Learn how others have dealt with breaches.
- Legal ramifications: Organizations should understand their legal responsibilities when cyber-attacks occur. When data has been breached, it may affect your stakeholders and staff; with such breaches, organisations may be subject to different legal requirements and timelines.
- Have a crisis communications handbook: This is essential and will work as a manual detailing the media storm that may ensue.
- Hire a cyber security expert: Investing in cyber security and hiring the right professionals is of utmost importance. By doing this you will be able to identify where your organisation’s security is failing and how to fix it.
- Implement and activate your plan: The effectiveness of your plan should be tested in a simulated exercise. If you wait for a crisis to test it, it may be too late. So get going and try your plan out to see if you have the right formula for dealing with a crisis.
If time is taken to learn and understand how such incidents can occur, then an organisation can invest in its people, implement the right procedures and develop a crisis response strategy to safeguard against future attacks.