7 Cyber Habits for Mid-Sized Organisations

July 13, 2019 1:55 pm Geraldine Strawbridge

Cybercrime is becoming a major problem for organisations around the world. In the past week alone, there have been 5 major data breaches highlighting the need for improved cyber security practices to defend against this growing threat.

Mid-sized organisations are increasingly under attack and are proving to be a very attractive target for cybercriminals. They typically don’t have the same big budget or resources allocated to cyber security that larger organisations have, leaving them vulnerable to attack.

As the threat landscape continues to shift and evolve, it’s vital that mid-sized organisations become more proactive in their approach to cyber security and adopt cyber habits that will help strengthen and protect their business.

To protect themselves from data breaches, fines, and damage to reputation, mid-sized organisations will need to invest their money in the areas of their business that most need safeguarding.

Despite the challenges faced, there are 7 cyber habits that will help improve cyber security within organisations of this size:

1. Whitelisting

Ransomware continues to dominate the cybersecurity landscape in 2018, and with more than 4,000 attacks occurring on a daily basis, it poses a very dangerous threat to organisations around the world.

Despite greater public awareness of this malicious software, cybercriminals have honed and tweaked their ransomware, blending old variants of malicious code with new viruses to make it more potent and more difficult to detect.

To protect against this growing threat, organisations should consider the use of application whitelisting technologies. Whitelisting is used to stop the installation of malware and other unauthorised software which may be exploited by attackers.

Whitelisting is significantly more effective at stopping malware threats than traditional antivirus software, as it only allows programs that have been explicitly permitted to run. Rather than blocking bad activity and allowing everything else, it only allows access to safe and trusted sources.

This is increasingly important as today’s malware threats are more targeted, making traditional detection technologies largely ineffective. The added protection, ease of use, and minimal additional costs associated with this solution make it an important cyber habit for mid-sized organisations to adopt.
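
An added illustration (not part of the original article) of the difference described above between blocking known-bad software and allowing only approved software. Block-listing is modelled here as exact hash signatures, which is a simplification of how antivirus products detect malware; all file names and byte strings are constructed samples.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed byte strings standing in for executable files (not real binaries).
SAMPLES = {
    "payroll-4.2.exe": b"payroll application build 4.2",
    "payroll-4.3.exe": b"payroll application build 4.3 (vendor patch)",
    "old-ransomware.exe": b"ransomware family A",
    "new-variant.exe": b"ransomware family A, repacked with new loader",
}

# Block-list model: deny only what has been seen before (simplified signatures).
BLOCKLIST = {sha256(SAMPLES["old-ransomware.exe"])}
# Allow-list model: permit only what the organisation has approved.
ALLOWLIST = {sha256(SAMPLES["payroll-4.2.exe"])}

def blocklist_permits(binary: bytes) -> bool:
    """Default allow: runs unless its hash is a known-bad signature."""
    return sha256(binary) not in BLOCKLIST

def allowlist_permits(binary: bytes) -> bool:
    """Default deny: runs only if its hash was explicitly approved."""
    return sha256(binary) in ALLOWLIST

def approve(binary: bytes) -> None:
    """Change-control step: add a vetted build (e.g. a vendor patch) to the list."""
    ALLOWLIST.add(sha256(binary))

def decisions() -> dict:
    """Map each sample name to (block-list verdict, allow-list verdict)."""
    return {name: (blocklist_permits(data), allowlist_permits(data))
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, (bl, al) in decisions().items():
        print(f"{name:20} blocklist={'run' if bl else 'deny':5}"
              f" allowlist={'run' if al else 'deny'}")
```

The repacked variant passes the block-list but is denied by the allow-list. The patched payroll build is also denied until `approve()` is called, so allow-listing needs an approval step tied to the patching routine.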

2. Two-Factor Authentication

Passwords are the keys that provide access to an organisation’s data. Unfortunately, they do not offer the same protection as a traditional lock and key and can be easily hacked. Sophisticated hackers will guess passwords and use specialist software to test thousands of possible username and password combinations.

Data is one of the most important assets that an organisation holds; it is therefore vital that organisations can demonstrate they are protecting this data and have systems in place that will keep the personally identifiable information of customers secure.

Two-factor authentication offers an extra layer of defence in protecting the security of this data. It is used to verify a user’s identity when they are accessing an application. In addition to a password, two-factor authentication requires a second piece of information to confirm the user’s identity.

This provides employees with an extra layer of security when accessing sensitive company information and reduces the chance of a hacker being able to gain easy access to the network.

3. High-Quality Security Training for Employees

90% of all successful cyber-attacks are a result of information unknowingly provided by employees. As networks become harder to breach, hackers are increasingly targeting staff as they provide the easiest route of entry into an organisation’s network.

It has never been more important to educate staff and provide regular training on what threats they should be looking out for and how they can play their part in preventing a cyber-attack. Effective security awareness training is essential in teaching employees to identify and respond appropriately to the growing range of cyber security threats.

All employees, at every level of the organisation, should receive this training to ensure they are armed with the skills required to identify an attack. Cyber security awareness training should be engaging and informative to ensure that employees understand what is expected of them and the importance of their role in safeguarding the organisation’s sensitive data.

4. Reliable Offsite Backup Solution

With attacks against businesses almost doubling in the last five years, organisations cannot afford to be complacent in their approach to cyber security. Organisations need to be able to react quickly and effectively to any security incidents that may arise.

One of the best ways to protect your organisation and ensure it is equipped to deal with the growing range of cyber security threats is to use the services of an outsourced Security Operations Center (SOC).

A SOC is run by a dedicated team of security professionals who work to monitor an organisation’s security operations in order to prevent, detect and respond to any potential threats. They will typically track security threats, including potential threat notifications via tools, employees, partners and external sources. The security team will then investigate the threats, and if one is deemed to be a security incident, they will handle it quickly and effectively.

For mid-sized organisations that don’t necessarily have the resources for an in-house security team, an outsourced SOC provides them with the expertise, experience and technologies that can protect them against the growing range of cyber security threats.

5. Patch – Make Patching Part of your Weekly Routine

Patch Management should be a key part of the cyber security strategy for any organisation. ‘Patching’ addresses the vulnerabilities in software that cybercriminals exploit to gain entry into systems to steal sensitive data, lock users out, or demand a ransom.

Unpatched software is one of the main causes of computers getting hacked. New vulnerabilities are constantly discovered, either by hackers or security professionals, and companies will issue patches (essentially a piece of code) to deal with them. If the patches are not applied, cybercriminals are left with an easy access point to your network.

Patching will ensure that every piece of software used within an organisation is up to date with the most current versions released by the manufacturer. Organisations will need to be proactive in their approach to patching to ensure they are able to detect any vulnerabilities before a hacker does.

6. Senior Executives Responsible for Information Governance

To ensure that organisations are protected and secure, it will be important to appoint a steering committee of senior staff that will bear the ultimate responsibility for the governance of the organisation’s cyber security strategy.

Organisations can’t just rely on their IT department to take ownership of cyber security. It needs to filter down from the top with senior management taking control, and putting in place the proper measures that will protect an organisation and its assets.

Research from the Cyber Security Breaches Survey 2017 found that organisations where senior management treat cyber security as a high priority are more likely than average to say that their core staff take it seriously (88%, versus 76% overall).

This suggests that the culture set by senior managers filters down throughout an organisation, highlighting the importance of senior managers’ engagement with cyber security.

7. Identify Information Assets and Data Processing Activities

To develop a comprehensive cyber security strategy and effectively identify risks, organisations will need to complete a thorough audit of their information assets and data processing activities.

They will need to determine what their most valuable information assets are, where these assets are located, and who has access. This is crucial in identifying the risks that cyber threats pose and prioritising those areas that need defending.

Organisations will also need to evaluate their current data management processes and determine if changes need to be made. They will need to look at the type of personal data held, where it is held, where it was sourced, length of retention, its use, access rights and how it is shared. Regular audits of data processing activities will help safeguard data and reduce organisational risk.

If you would like to find out more information on the best cyber security habits for mid-sized organisations, then tune in to our webinar on the 9th August at 3pm. Robert O’Brien, CEO of MetaCompliance, will discuss the importance of adopting cyber security habits that will protect and strengthen your organisation.
