We’ve gone over why you need to know about cyber security and what you need to ask… Now let’s take a deeper dive into the first of 3 major steps your organization should be going through yearly, if not more often.
The first step is focusing on the planning aspect of business risk management.
Consider using these steps to make information security part of your normal business risk management procedures.
- Consider whether your business could be a target – this will indicate the level of risk your business is exposed to. Ask around to see whether any of your suppliers, major customers or similar businesses in your area have been attacked, so you can learn from their experiences.
- Know whether you need to comply with personal data protection legislation and Payment Card Industry (PCI) compliance requirements.
- Identify the financial and information assets that are critical to your business, and the IT services you rely on, such as the ability to take payments via your website.
- Assess all the IT equipment within your business, including mobile and personal IT devices. Understand the risks to all of these things by considering how they are currently managed and stored, and who has access to them.
- Assess the level of password protection required to access your equipment and/or online services by your staff, third parties and customers, and whether it is enough to protect them.
- Ensure that your staff have appropriate awareness training, so that everyone understands their role in keeping the business secure. Decide whether you need to make an investment, or seek expert advice, to get the right security controls in place for your business. You could seek advice from accredited security consultants, internet and managed service providers or even your web designer if they have the capability.
- Consider who you could turn to for support if you are attacked, or if your online services are disrupted in some way. Define what your recovery procedures would be, and how you could keep your business running, particularly if you trade online.
- You may like to consider whether cyber insurance could protect your business against any impacts resulting from a cyber-attack.
With cyber security risks increasing year over year, establishing cyber security best practices through detailed planning is not only useful; it’s a necessity.
Cyber security is a complex web, and as such there are many areas to consider. The best place for any manager to start is to take a step back and assess the risk across their overall business environment.
Step one complete? Time for step two, implementation: putting in place measures to mitigate risk.