As the digital economy becomes mainstream, the volume of information supporting the importance of cybersecurity for businesses of all sizes and sectors increases every day. According to recent data, 99% of computers are vulnerable to attacks from hackers, due, among other reasons, to the extraordinary proliferation of so-called malicious software (or malware), of which 230,000 new samples are put into circulation every day.
Therefore, it's important that companies take measures right now to protect themselves against any type of cyber crime. In this post we summarize the 10 essential steps that companies should keep in mind when drawing up a cybersecurity plan.
This post is also available in Spanish.
Undoubtedly, your company needs a cyber security plan
The combination of companies' vulnerability and hackers' tireless activity causes enormous economic damage to the former. According to a cybersecurity analysis prepared by Ponemon Institute, the overall cost of cyber crime in 2016 ranged from 270,000 to 73,000,000 million dollars a year.
And as if that weren't enough, it is estimated that 68% of the funds misappropriated by cyber criminals are never recovered.
Source: Ponemon Institute Cost of Cyber Crime Study
Given the seriousness of this threat, and the fact that the number of cyber attacks is growing exponentially, many governments have created bodies to educate society as a whole and raise awareness of the importance of security in digital transactions, which now range from our purchases of consumer products to our daily banking operations and to the bulk of the activities that make up our work life.
Among these governmental bodies, the British National Cyber Security Centre is one of the most active and educational, as shown by this guide, published in 2015 and updated a few months ago, which sets out the 10 steps companies should take to draw up a cybersecurity plan. These are summarized below.
The first 10 steps to draw up a cyber security plan
1. Establish a risk management protocol
Measure the cybersecurity risks your company's information and systems are exposed to, with the same care with which your company protects its legal, financial and regulatory activity. Once you have estimated those risks, establish a risk management protocol, which must have the support of the board and of the members of the steering committee.
2. Reinforce your network's security
Protect your network from potential attacks by turning to specialized software companies that let you test your security and detect unauthorized access and malicious content.
3. Raise awareness and educate your employees
Establish security policies to determine how to safely use your systems. Invest resources in raising awareness and training your employees, so that they understand the risks of a cyber attack and can apply these policies to minimize them when they occur.
4. Protect the company against malware
Be especially scrupulous with anti-malware policies: malware is one of the most common entry points for hackers, and one that can be easily opened by clicking on a link or an attachment in an email.
5. Control mobile information
In this case, mobile information is not the information that we create or manage from our smartphones, but all those files that you can access from the cloud or transfer to a remote server: a moment at which hackers can install all kinds of malware in your system. To avoid this, create a protocol or policy on how to manage such imports and exports to and from the cloud or the company's server.
6. Ensure a secure configuration
When a device or system is first started, it configures itself in a way that makes it especially vulnerable to cyber attacks. It is therefore important to apply the security patches that prevent infiltrations during startup, and to review periodically that these patches are being installed correctly.
7. Manage access level information for different users
In all organizations there are employees who must be able to access certain files and others who must also be able to edit them. It is therefore important to create different access levels, because the more information managers your company has, the more vulnerable it is to cyber attacks. It is also key to keep a record that tracks who accesses which files, when, and how they interact with them.
8. Establish an incident management protocol
Even after taking all these precautions, companies are always exposed to becoming the victim of a cyber attack. It is therefore important to create protocols and perform drills covering recovery mechanisms and reporting to the authorities, so that you know exactly how to proceed if your company suffers a security breach.
9. Monitor your systems and networks
In addition to keeping a record of who accesses the server or the cloud, it is important to monitor that the organization's systems and networks are functioning properly, to check their status at all times and to detect in real time any unusual activity that could point to an imminent attack.
10. Create a protocol for accessing information remotely
Just as we recommended earlier that you create protocols for uploading and downloading information from the cloud, companies must have clear rules on how employees should work remotely from their mobile devices, which are another common doorway for any type of cyber attack.
Your company should not underestimate the risks of a cyber attack, so do not skimp on the budget for developing and implementing a cybersecurity plan. We hope that these first 10 steps help guide you in drawing up a first version of it.