Obviously, we think it’s no accident that ‘People’ is the first pillar in this list.
Of course, many companies take this to mean hiring specialist cyber security staff. But actually, everyone in your business is part of this pillar. Every single one. And that’s because statistics show that 90% of successful cyber attacks are down to human error.
And, regardless of how experienced they are, it could as easily be your CIO or someone in your IT team as the customer service rep who opened an email that looked like it was from the client. It could equally easily be the accountant who thought she was clicking on an invoice, or the HR Director who followed a link to an updated CV.
That’s how cyber criminals get into your business. They tend to use people. That makes your people the first line of defence against cyber attack. And that means that you and everyone else in your business needs to know not just what to look out for, but how to change the way they behave to stop inadvertently opening the door to data loss and all the serious financial and reputational damage that inevitably comes with it.
All the data in your business is sensitive – it’s your data. And the data of your clients, suppliers, and shareholders. Importantly, a criminal doesn’t need highly personal details to do real damage – names and email addresses may be enough. So anyone working in your business with access to any information could put your business at risk. To support your people, you need three things: good quality, behaviour-changing cyber security training, backed by the other two pillars of effective cyber security.
Processes
Every organisation – no matter how big or small and no matter what type – should have processes in place that help manage cyber security issues. Who has access to what data? How do people log on? Do you use two-factor authentication? What happens if your security is breached? How do you tell your customers you’ve lost their private data? How do you manage the damage to your reputation? You really don’t want to be doing all of this when you’ve fallen victim to an attack. Develop clear, robust policies and share them with your teams so they know you are taking this significant risk seriously.
Technology
We love technology. And it plays a critical role in protecting your business against attack. But where to start? Whilst ISO 27001 is the strongest standard, smaller companies can start with adopting the Cyber Essentials certification – a government-backed scheme that is managed by the National Cyber Security Centre. This certification covers a wide technical scope and gives your customers, suppliers and investors confidence in the general standards of your technology and systems.
At the moment, Cyber Essentials includes a range of requirements for IT infrastructure – hardware, software and devices – including:
- Wireless devices
- Bring Your Own devices
- Externally managed, or cloud devices
- Other externally managed services
- Web applications
- Firewalls
- Routers
- Desktop devices
In addition, the certification looks at other issues, including password-based authentication and administration of accounts. You can find out more here about the Cyber Essentials Scheme.
Your internal or external IT support should be constantly assessing the potential risks to your business and putting mitigation in place to keep systems secure.
Together, these three pillars form the basis of a strong and secure approach to the risks that cyber crime presents. But you need to have all three in place to be truly effective. Many companies focus on the tech and forget the people – and that’s a mistake. Your people are the heart of your business, and they are the hacker’s easiest way to your data.
We’re big believers in getting the right technology in place to support good cyber security practice. But technology alone is not going to protect you. This is why we developed our Psybersafe behavioural science-based programme. As we said right at the start of this blog, you can decide whether your people are your first line of defence.
If you think it’s time to invest in cyber security training that makes a measurable difference (and it does), talk to us today. And sign up below to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
You can also watch our demo by clicking the link below.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.