Insurance firm Hiscox surveyed businesses globally in 2018 on their cybersecurity readiness and found that 78% of the 4,500 companies surveyed were not prepared for attacks and breaches. As a specialist insurer, Hiscox has offered cyber coverage for over 20 years, which gives it a unique insight into what constitutes good and bad practice when it comes to recognizing and responding to cyber threats.
24ITintegrator has over 25 years of experience protecting businesses from cyber attacks. If cybersecurity is top of mind for you and your organization, here are some things your company can start doing today to increase its cybersecurity readiness before shelling out money for hardware and software solutions that may not be appropriate for your business.
1. Provide Cybersecurity Training
The Ponemon Institute, which conducts independent research on data protection and emerging information technologies, identifies human error as the root cause of 27% of the data breaches in the companies it surveyed. Once workers receive training and become aware of which habits and actions are risky from a cybersecurity standpoint, they are better at protecting your business from attacks.
2. Test Employee Cybersecurity Awareness
Aside from simply handing employees training resources and expecting them to commit the information to memory, it’s important to engage in a bit of learning by doing. In other words, organizations need to test employees on their security awareness from time to time to ensure that the lessons were actually learned. These tests can take numerous forms—from simple assessments that occur at the end of a training program to fake phishing emails designed to see if employees will fall for them.
Testing employee cybersecurity awareness helps to reinforce the lessons from the formal training programs and highlights gaps in security awareness amongst employees. For example, if more than half of all employees fall for the same trick, odds are good that this is an awareness gap that needs to be addressed.
3. Perform a Cybersecurity Risk Assessment Audit
After the people layer, you’ll need to determine how well your network is defended against an attack. This means having an experienced IT team check the various aspects of your network infrastructure for potential vulnerabilities. Many companies outsource security audits to third parties, who perform vulnerability testing to check for holes in all the layers of the organization’s defenses. Any points of failure found show where to plug gaps and make the company’s defenses stronger.
4. Draft a Cybersecurity Response Plan
What made the Equifax data breach worse was that the company waited six weeks to report the leak. That’s more than a month-long window where hackers allegedly still had access to the sensitive personal information of 143 million people. This usually happens to companies because executives and employees don’t have a clear plan for how to proceed once they determine an attack is happening. Drafting a cybersecurity response plan gives you guidelines on how to quickly remediate the situation.