While it is tempting to say that antivirus software and firewalls have curbed, or at least reduced, the risk and damage that result from cyber crime, this statement couldn’t be further from the truth. It is estimated that cyber criminals reap £9.2 billion per annum in theft from UK businesses.
Cyber threats can never be completely negated or extinguished. This is because cyber crime is the most sophisticated form of crime there is. It is in constant flux, meaning that security measures have to be adaptable to changing methods of attack on a daily basis.
Information security shouldn’t be seen as an optional advantage for your company: it is a necessity that will prevent your business from suffering significant losses.
The first step: self-assessment
If your company went into operation without a security response plan in place, a thorough, in-depth self-assessment is in order. In order to tighten security and reduce the risk of exposure and vulnerability, you need to know where your company stands before moving forward.
A rigorous self-assessment usually involves the following:
- Detailed documentation of all information assets
- An accurate measurement of security preparedness
- An assessment of roles and responsibilities in the event of a security breach
- An assessment of what devices employees store company information on and what would happen if those devices were lost or compromised.
Creating a CSIRP
Having a Computer Security Incident Response Plan (CSIRP) in place for when a security breach occurs is absolutely essential to both the short- and long-term survival of your business. This involves making a note of which authorities need to be contacted, what information access you’ll be required to provide and so on.
Security policies that all staff will stand by will have to be determined. All employees should be educated on those policies: you may have to provide them with security training to reduce the chance of human error, which is usually a significant factor.
Monitoring your security system and backing up data
As stated before, information security isn’t a one-off concern: it is of paramount importance that you monitor the system on an ongoing basis for cyber attacks. You also need to keep an eye out for certain hints that a larger, hidden attack is taking place (this includes things like unauthorised employee access or crashing systems).
Your data should also be backed up on a regular basis, on different servers, if possible. Cloud storage has become quite popular with businesses, but make sure that it is 100 per cent secure. You should also make sure that your information is backed up regularly on additional channels, in case the others are themselves compromised in an attack.
The steps outlined above are merely starting points for your business to follow. Information security is complex and requires regular attention: make sure that you consult professionals about best practices.
This is a guest post by Ben Williams.