The cyber security manifesto – 5 key points for your organisation
Cybersecurity affects every business, and every person.
The biggest information security event in Europe, Infosec, gathered in London last week with the event widely covered by the mainstream press – something which probably won’t have happened ten years ago. This underlines the importance of cybersecurity, and how seriously it needs to be taken.
And you can see why – it grabs the headlines on a regular basis, and there is no hiding behind its potential to damage.
As we move towards the Internet of Everything, more and more devices will be connected to the web than ever before. Each new device creates a new data point, and a potential piece of information which is attractive to attackers.
Cybersecurity, a niche issue? Not anymore.
Every organisation which holds data has a duty for protecting that information from malicious forces. The highly organised criminal elements trying to steal it operate in a billion dollar industry, where that information is commoditised and sold at a price.
To help you match this growing challenge, we’ve distilled five cybersecurity actions into a short series of simple pledges. If followed, this will help instil cybersecurity into the culture of your organisation.
This is vital. Rather than the IT department working in isolation, everyone has to take on responsibility for cybersecurity. Security should be embedded into all operations, and you must ensure your processes accurately reflect the dynamic and evolving threat landscape.
So, here we introduce the cybersecurity manifesto:
- Security must be considered a growth engine for the business, not a roadblock or hassle
We cannot think with a negative mindset – cybersecurity cannot be a ‘chore’. Taking this first step by looking at the issue from a different perspective will get everyone within the organisation on board much quicker, and it becomes the shared responsibility of everyone. To take it a step further, having robust security in place makes you a more attractive proposition to new and existing customers – remember this is their data you’re looking after.
- Security must work with existing architecture and be usable
There is no point creating a system that is not simple to understand and easy to use, or people can’t be expected to take cybersecurity seriously. Review your current infrastructure, and ensure a patching process is established
- Security must be transparent and informative
It’s not a case of ‘if’ you will be breached; it’s a case of when. By making this transparent with everyone, they will better understand the risks and how to deal with them.
- Security must enable visibility and appropriate action
One of the key cybersecurity challenges is knowing when your system has been compromised. We believe organisations need to be threat-centric, and you should think like a hacker. If a breach does occur it’s just as important to understand how it occurred, the impact on your organisation, and how to clean-up the aftermath. On top of this, all this information needs to be fed back, to help prevent it from occurring again.
- Security must be viewed as a ‘people problem’
Just as important as digital security, is physical security. Passwords written on pieces of paper, data left on USB pens, and laptops left in pubs are all major security issues. These all route back to people – so you need ensure people are being given the right training so they understand the risks involved. Establishing user-friendly policies is a key part of this – we must acknowledge we are working with humans who need to be made aware, adapt and learn new behaviours.
Every angle you look at it, cybersecurity will only become more important. By taking action now, your organisation can protect itself from a costly data breach in the future.
Tags:
