Don’t be put off by the hype
Cyber security is simpler and easier than you think, says Joe Jouhal, CEO of Avatu (in an article in the New Statesman)
From the headlines you’d be excused for thinking it’s unstoppable. “The end is nigh” and all our businesses are about to implode under the cyber criminal’s destructive gaze.
But, of course, reality is a little more balanced than that.
- Yes, there is a serious, growing threat to business. The World Economic Forum’s Global Risk Report has cyber threats and data theft in its top ten (alongside climate change and large-scale migration) and PwC’s recent survey of 100,000 businesses revealed that 38 per cent more security incidents were detected in 2015 than the year before
- Yes, it’s impossible to know if you will come under attack, so you have to assume you could. There is no such thing as a typical data breach victim, as Lincolnshire County Council, TalkTalk and Bettys Tea Rooms can testify. And, as motivation diversifies, it’s hard to know why or where the risk will evolve
- And yes, a cyber attack or data leak can be expensive and damaging. TalkTalk said recently its data breach cost it 101,000 customers and £60m
There is an urgency to assess the risk. But organisations should not be dazzled by the hyperbole or the hype.
Security doesn’t need to be a complicated, difficult or vastly expensive business. There is much enterprises can do, simply and easily, to help prepare for, and protect against, a data breach launched over the internet or caused by a rogue insider.
It’s a case of fighting on a battleground where you can win and being equipped with the right weapons.
How to fight on a battleground where you can win
1. Don’t rely on staying safe with just perimeter protection. Anti-virus software and firewalls will only stop known threats. If you have systems or data that need to be protected, you need to become more sophisticated in your security arrangements.
2. Assess what’s most important and sensitive to your organisation – and protect that. You can cover other things as well but start with the most important.
3. Email attachments are a significant weak point in many security plans. But there are new technologies which can automatically strip away worrying content without blocking them completely (so employees never miss important emails that disappear into firewall black holes).
4. Remember, even your friends are also potentially your enemies. Employees and contractors can make silly mistakes or can be tempted to the dark side (sometimes for very small amounts of money). You can, however, limit your exposure by protecting your data at source, making it secure when it’s inside – and outside – your organisation, and you can pull the plug remotely if there’s a problem.
5. Limit access to the important stuff. This can be done easily with privilege management (where people only have access to things they need for their job). It sounds simple but you’d be amazed at how many people don’t already do it.
6. Consider cyber insurance. Not only will it give you a financial cushion if things go wrong, it will help introduce risk-limiting activities and a proactive mindset.
7. Get your security advisers to give you options. No one piece of technology or policy will give you everything you need (indeed, the Government’s advisers at GCHQ recommend a layered approach). But you almost certainly will not need every piece of expensive kit on the market.
It’s a rapidly changing world where the criminals are on the front foot. But being proactive can vastly improve your chances of winning the war.
Joe Jouhal is the chief executive officer of Avatu, the information security company for inspiring companies
For more information see www.avatu.co.uk
This was first published in the New Statesman. See the original article here.