Protecting your organization against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears.
It is easy to focus on how challenging 2020 has been: the Covid-19 pandemic, a sputtering economy, and an explosion of new and increasingly dangerous cyber threats. However, we should not overlook how the changes we have seen in 2020, such as the transition to remote work, have driven long-overdue reconsiderations of our connectivity, collaboration, and cybersecurity standards and approaches.
In this post, we outline five things you can do to improve the way you approach cybersecurity and information security in your organization.
Conduct annual staff awareness training
Two of the biggest threats organizations face are phishing and ransomware, both of which exploit human error.
At a time when Covid-related cyber scams are surging, companies should ensure that staff are educated about the tactics scammers are using and the attack vectors they are exploiting. For example, employees should be wary of digital messages and emails that prompt them to download or follow links to pandemic materials (which could contain malware).
If employees receive phishing emails and are unable to spot that they are scams, the whole organization is at risk.
Similarly, internal error, privilege misuse, and data loss are all the result of employees not understanding their information security obligations.
Regularly review policies and procedures
Policies and procedures are the documents that establish an organization’s rules for handling data.
Policies provide a broad outline of the organization’s principles, whereas procedures detail how and when things should be done.
This is another area in which ISO 27001 can help. The Standard contains a comprehensive list of controls that organizations may choose to adopt if they decide that they must address an identified threat.
We have previously discussed some policies that organizations should implement, which include those related to remote access, password creation and management, and rules on acceptable use.
By writing policies and procedures, organizations can ensure that employees understand their security obligations and cement the lessons taught during staff awareness training.
Change the narrative about cybersecurity standards at your company
Cybersecurity will become more integral to companies’ day-to-day operations as they shift towards remote work and increasingly rely on digital productivity and communication tools. This shift offers an opportunity to strengthen cybersecurity training and educate workers to protect themselves and, by extension, their employers.
Cybersecurity is not only crucial for protecting businesses from threats that can cost millions of dollars and permanently damage consumer confidence. It’s also a way for employees in an increasingly digitized world to keep themselves and their families safe, especially as our personal and professional lives blend with the rise of remote work.
Fix all possible weaknesses
The number of potential security holes available for bad actors to exploit was rising rapidly even before Covid-19. In recent years, for instance, the Internet of Things (IoT) has expanded dramatically. A recent Cisco report found that connected devices will increase from 18.4 billion in 2018 to 29.3 billion by 2023.
The average American household has eleven wired devices (including seven separate screens), according to a survey conducted by Deloitte in 2019, and 28% of Americans use smart home devices, such as connected heating and refrigerators. One of the significant risks of these devices is that they have more basic protection features, rendering them more susceptible to intrusion than laptops or smartphones. When this occurs, hackers can access the entire home network and target other devices, such as a work computer.