Departments Digital

Five things all organizations need to know about cyber security

Cyber attacks are most often crimes of opportunity. Although some cyber attacks are targeted with specific goals and objectives in mind, for most victims, it is simply a matter of being in the wrong place at the wrong time. Cyber criminals cast their nets wide, sending out thousands of random phishing emails designed to lure an unsuspecting target into clicking on a link or installing software that will provide the attacker with a foothold into the victim’s network.

In the case of a ransomware attack, this foothold could allow the threat actor to encrypt sensitive files, block access to critical business systems and demand a ransom in return for allowing access to the files.

Although the impact of such an attack can be crippling to an organization, there are a few fundamental steps that can be taken to reduce your exposure and to ensure that you are able to respond quickly and effectively should it occur.

Train your staff – Recognize that individuals constitute the most vulnerable aspect of any cyber defence system. Your staff must be trained to recognize the specific threats facing your company and the crucial role they play in defending against such threats. Consider subscribing to an online cyber security training service which can provide awareness and training materials to keep your staff up to date on the latest threats and test their ability to detect and respond to phishing attacks correctly.

Assess your exposure – To adequately prepare to respond to a threat, you must first understand the types of threats your organization faces and the potential costs to recover from a cyber event. A retail e-commerce organization faces very different threats than a professional services organization like a law firm or accounting office. Develop a full inventory of your most critical IT assets and data and consider how long you could practically operate without access to them. Consider cyber security insurance to ensure that you have access to the necessary resources (both financial and technical) to respond.

Protect portable devices – Laptops and other portable devices can hold massive quantities of data. The loss or theft of one of these devices could expose an organization to significant regulatory and legal penalties. Luckily, there are commonly available tools to protect these devices should they fall into the wrong hands. Enabling encryption on all portable devices including laptops, smartphones, and tablets that may contain sensitive data will keep the data safe even when misplaced.

Prepare to respond – Develop an incident response plan that lays out the steps needed to respond to a cyber incident effectively. Periodically test this playbook to ensure that all stakeholders understand their roles and responsibilities.

Partner with a reliable cyber security firm – Recognize that many small and medium size businesses lack the resources to maintain a cyber security program. Consider collaborating with a reputable cybersecurity service provider to identify and address any gaps in your security posture, and to develop a roadmap for enhancing your cyber defence capabilities.

Topics

Highlights from Manitoba business

Stay informed on breaking news, announcements and more right here.