5 corporate cybersecurity best practices
The cybersecurity horizon looks bleak and is turning darker still with criminals preparing an onslaught on emerging technologies like the Internet of Things and driverless vehicles. In 2016, companies and individuals experienced over 90 million cyber attacks – 400 attacks every minute – and this number is expected to double this year. Over two-thirds of these go under the radar, but still wreak havoc. With this in mind, companies around the world are ramping up their security measures and the resources allocated to defending data are increasing dramatically.
Here are five corporate cybersecurity best practices to implement in 2017:
Conduct a security risk assessment
Risk analysis should be the initial step towards developing a data security policy for your company and should be conducted regularly and whenever there is a change in circumstances. It will also ensure that you invest time and money in the right areas. Identify and locate your data assets, before rating the threats you face. There are various methodologies and international compliance guidelines to assist with this.
Create a solid response plan
Hackers and cyber-criminals are notorious for being able to adapt to security measures. No matter how water-tight you feel your defence system is, chances are that you will be breached, just like the many businesses that suffered a breach over the past year. In this event, you need to know what to do in terms of damage limitation and securing your data. A relevant insurance policy will also give you some peace of mind.
Enforce the principle of least privilege
The principle of least privilege in computing terms holds that every process, user, or program must be able to access only the information and resources that are necessary for its purpose. Apply it rigorously to all systems and services and restrict user privileges to prevent malware from spreading quickly through your network. Make a company-wide effort to enforce it and review the system regularly to ensure that it is up to requirements.
Keep your infrastructure current
Cyber-criminals are inventive and will look to exploit any vulnerability that opens up in your system. New infiltration techniques are devised on a daily basis. To keep your network protected and ensure that you don't go the way of many firms that have endured attacks because they were lax about the latest security patch, make sure that your software (operating systems, anti-virus packages and popular software) and hardware security are up to date.
Training of staff is a cybersecurity area of focus in 2017, simply because users are the weakest link in any information security system. Educating users on cybersecurity best practices is key to limiting risk. Training and awareness programmes can range from things as simple as password creation to protocol on taking information off company premises. Users should also have a thorough understanding of the role they play in any cybersecurity initiative.