Written by Malcolm Newdick, Managing Director
People often ask why so many businesses still remain wholly unprepared for a cyber attack? It usually comes down to one (or more) of these reasons:
- They don’t understand the risks
- “It won’t happen to me”
- “We aren’t a target”
How can companies plan a comprehensive crisis management strategy for when the unexpected actually happens?
- Have a tested Business Continuity plan that includes their response to a cyber attack.
- Be aware that, by definition, you cannot prepare for the unexpected. What you can have is a well-drilled crisis team that will provide the response when the unexpected happens.
- Include suppliers in your planning. You will need them to respond quickly when a crisis happens.
What measures can a company take to help avoid cyber attacks?
– Be very careful in your recruitment, get references, conduct background checks.
– User education. Just like sexual health, education prevents infection.
2. Systems & processes. Look for areas of vulnerability, eg financial authorities where people might have single sign-off on payments, physical security controls at your offices.
3. Strong IT. For example, management of permissions to sensitive files on your network, identity management so you can control access to web-based applications, multi-factor authentication to prevent dependence on passwords.
4. Multi-layered security. As an example, these layers could be your physical security PLUS firewall protection, PLUS anti-virus, PLUS passwords that change every 90 days, PLUS active management of users on your network PLUS monitoring of activity on your network.
5. Test. Get an external organisation to do periodic tests of your security.
At Riverbank IT, we can provide you with a layered approach to your IT security that will cover all your requirements, and ensuring you are protected against potential threats.