PwC's Global Economic Crime Survey 2016 confirms hacking is on the rise, and it affects businesses profoundly. Cybercrime is now the second-most reported economic crime, and about 1/3 of organisations fell victim to some form of it in the last year. Against this backdrop, you must be asking yourself, "Is my business digitally secure?" Here is how you will know.
Your security basics are not covered
Hackers habitually rely on vulnerabilities and exploits which are easily preventable. Data from 2015 show that the top ten external vulnerabilities accounted for 52 per cent of all external vulnerabilities, while thousands of vulnerabilities make up the remaining 48 per cent. As for internal vulnerabilities, the top ten account for 78 per cent of all internal vulnerabilities; every single vulnerability on the top-ten list was directly related to outdated patches. To stay ahead of the bad guys, you need regular patching, up-to-date data encryption on top of regular antivirus, and a watchful eye on the latest Web exploits we discover regularly.
You do not know your cyber assets
Many companies do not have a clear understanding of what their critical digital assets are, how desirable their cyberinformation is, and what their potential hackers' profile is. You can't protect against invisible and unknown threats; you have to have a firm grasp on all of the above, often with external consultation.
You lack a clear cyber-security policy
If your company does not have a blanket cyber-security policy which actively and continuously engages employees at every level, you are playing with fire already. Every employee's action matters here, so make sure everyone is on the same page.
You do not vet your people
Following closely from the previous point, you have to take the human factor into consideration and insulate your company against internal attacks. Lower-level employees most often turn malicious, and abusing data-access privileges accounts for 66 per cent of all company data violations. So, again, enforce a strong cyber-security policy and keep a close eye on your people.
You have a relaxed "Bring Your Own Device" policy
BYOD policies are generally favoured because they improve employee wellbeing and comfort. If you have implemented such a policy, however, it is imperative that you take the extra step to make sure each employee's device has the latest security features and add-ons. The costs for this measure are orders of magnitude lower than the damage of the inevitable breach if you skip it.
You are planning to expand and redirect security resources to other departments
Security budgets often get slashed first when a company prepares to expand, but you should know better. If your business growth and expansion do not involve a corresponding extension of cyber-security resources, you are simply not ready to grow yet.
You do not train your employees to be cyber-responsible
Phishing remains the number-one "in" for cyber-criminals in 2016. It can be prevented with an awareness campaign and a little training - simple but easier said than done.
You have not planned for the worst
77 per cent of companies have no recovery plan in case a cyber attack occurs. Apart from prevention, you should have a damage-control and recovery plan which limits the breach and patches any potential leaks.
Your infrastructure is old
Cyber-security is not all people and software; devices play a central role, too, and life cycles are getting shorter. Update your infrastructure and always consider how many updates a device is likely to support before buying.
Your data sources are not integrated
Organisations harbour mountains of data: workers, branches, contractors, partners, customers... If they "live" on different platforms which cannot communicate, you are much more exposed to internal and external risks, and you are less likely to react to an attack and recover from it quickly. You need to focus on clear data-sharing policies and identity management.
How we can help you
A company's cybersecurity does not lie in the hands of the few tech-savvy employees working long hours at IT. Every single employee's digital behaviour is a vital part of your business security today and your company's future. IT Force is a leading cyber-security and IT services company based in Dublin, Ireland. We will help you tackle the challenges of securing, virtualising, and managing every aspect of your company's virtual life. We will support you in improving collaboration between the various departments of your company; addressing the latest security needs of your business model; and designing efficient and secure enterprise infrastructure. Do not hesitate to reach out!