Does paying attention to the risk of cyber attacks sound expensive, complicated and a distraction from your business plan? Are you burying your head in the sand and hoping that this risk will pass your organization by?
As an incentive to act, recognize that successful cyberattacks can cause the demise of your organization by:
- A high extortion payment to fix a ransomware attack.
- A lawsuit settlement payment and loss of reputation due to a data breach.
Take these small, cheap steps to significantly reduce the risk of a successful cyber attack affecting your organization.
Strengthen cyber security awareness of staff
Many cyber attacks start with a phishing attack that tricks one of your employees or contractors into clicking on a link that downloads malware.
Raising awareness among employees and contractors about the dangers can significantly reduce the risk of a successful phishing attack. For more details on reducing the risk of a phishing attack, see the resources of the Anti-Phishing Working Group (APWG).
Implement a computing use policy
Unfortunately, some employees increase the risk of cyber attacks by their thoughtless surfing on the Internet and inadequate credentials management.
You can quickly develop an acceptable use policy for corporate computers and the Internet. Include these features:
- Describe acceptable and unacceptable uses.
- Ensure the policy includes a prohibition on sharing credentials.
- In the age of working from home (WFH), describe your expectations of what employees will do to competently manage their in-home computing environment.
- Insist that every employee and contractor review and sign the policy.
- Communicate that violations of the policy are recorded in every employee’s personnel file and will play a role in evaluating performance, calculating bonuses, promotion considerations and possible reasons for termination.
Review the scope of Your Managed Services Provider services
Your Managed Services Provider (MSP) is most likely operating your computing infrastructure in accordance with the contract you have agreed to. Too often, this work is insufficient to reduce the risk of cyber attacks.
You can easily broaden the scope of services to include work related to reducing the risk of cyber attacks by ensuring the following services are included in the contract:
- Update operating systems on all devices.
- Monitor firewall effectiveness.
- Maintain anti-virus software.
- Protect your network.
- Confirm that the data backup process is operating correctly.
Many websites provide helpful information to reduce the risk of a cyber security breach. This one, Secure Computing at MIT, is comprehensive and exceptionally well written because it avoids techno-speak.
Review system access
The negative impacts of cyber attacks often multiply because too many active accounts with excessive system access privileges exist for hackers to hijack. For example, sometimes:
- Poorly developed software packages require end-users to have considerable system access privileges to perform their roles.
- Poorly implemented applications based on Software-As-A-Service (SaaS) give end-users more system access privileges than they need.
- Database administrators are lazy and simplify their work by giving themselves unnecessarily god-like access.
You can strengthen your system’s access controls by regularly reviewing and pruning the privileges assigned to all end-users. Delete accounts for employees who are no longer with your organization. Define few generic accounts and email addresses.
For more information on how best to review your system access risks, see this article.
To explore additional ideas for protecting your business and home from cyber risks, please read Get Cyber Safe. Get Cyber Safe is a federal government website created to inform Canadians about cyber security and the simple steps they can take to protect themselves online.
Yogi Schulz has over 40 years of Information Technology experience in various industries. Yogi works extensively in the petroleum industry. He manages projects that arise from changes in business requirements, from the need to leverage technology opportunities and from mergers. His specialties include IT strategy, web strategy, and project management.
© Troy Media
Troy Media is an editorial content provider to media outlets and its own hosted community news outlets across Canada.