Cyber security is a misunderstood topic in many businesses. Given the current business climate, and the seemingly unending news of cyber security attacks and breaches, it can seem strange that the simple question still needs to be asked: Why do you need to know about cyber security?
Cyber security at its root is about protecting your computer-based equipment and information from unintended or unauthorized access, change, theft or destruction.
But even more than that, good cyber security can enhance the reputation of your business and open up new commercial opportunities.
Today most companies use the internet to do business: to advertise and sell, find new markets, customers and staff, communicate with customers and suppliers, and carry out financial transactions. The internet brings huge business opportunities and benefits, but with those benefits come risks. Every day there are attacks on the IT systems of companies like yours, attempting to steal your information and money or disrupt your business.
Unfortunately you can never be totally safe, but most online attacks can be prevented or detected with basic security practices for your staff, processes and IT systems. These security practices are as important as locking your doors or putting your cash in a safe. You can manage your online security in the same way you would protect any other aspect of your business. With more customers demanding that their suppliers are secure, this is becoming a business necessity.
One of the major things you can begin doing is approaching the problem of cyber security in a business-centric way. In other words, take a risk management approach to cyber security and understand the risks to your business.
The first step is to ask yourself a number of simple, but crucial, questions in order to define and understand how to think about the problem of cyber security.
What is directly at risk in the event of a cyber security attack or breach?
Broadly answered, things such as your money, your information, your reputation, your IT equipment and your IT-based services. Information is an asset that can take many forms: client lists, customer databases, your financial details, your customers’ financial details, deals you are making or considering, your pricing information, product designs or manufacturing processes. There is a risk to your IT services and information wherever they are stored, whether held on your own systems and devices, or on third-party hosted systems (i.e. ‘in the cloud’).
Who could potentially pose a threat to these assets?
Current or former employees, or people you do business with, compromising your information by accident, through negligence, or with malicious intent. Criminals, out to steal from you, compromise your valuable information or disrupt your business because they don’t like what you do. Or perhaps business competitors, wanting to gain an economic advantage.
What form could the threat take?
- Theft or unauthorized access of computers, laptops, tablets, mobiles.
- A remote attack on your IT systems or website.
- Attacks on information held in third-party systems, e.g. your hosted services or company bank account.
- Gaining access to information through your staff via social engineering.
What impact could an attack have?
- Financial losses from theft of information, financial and bank details or money. The average cost of the worst kinds of security breach is between $94,000 and $165,000.
- Financial losses from disruption to trading and doing business – especially if you are dependent on doing business online. The worst breaches can result in a business being out of action for up to 10 days.
- Losing business from bad publicity & damage to your reputation & customer base.
- Costs from cleaning up affected systems and getting them up and running.
- Costs of fines if personal data is lost or compromised.
- Damage to other companies that you supply or are connected to.
Now that you’ve begun to think about what the risks to your business might be, the obvious next step is to ask yourself, what can I do about it?
In general, there are three major steps organizations should be constantly cycling through on a yearly basis (or more often) to answer this question:
- Planning – ensuring a strategy and roadmap exists in line with your business goals to tackle cyber security
- Implementation – putting in place measures to mitigate risk
- Reviewing – ongoing review of plans and measures to ensure efficacy
Check back soon for a more in-depth look at these 3 important steps to take when tackling cyber security.