That is a loaded question, because most professional cybersecurity experts believe that nothing can be done to protect an organisation without said expert.
There are a number of things that can be done to make your business environment secure, but all have to be driven by management with the vision to protect their organisation.
If management, C-level execs, board members and owners believe that business security is important, vital in fact, then it will be picked up by everyone else in the organisation.
The introduction of cloud computing and everything stored in the cloud has exposed more and more data. This data is targeted by the bad guys.
Here are 6 tactics that can be implemented by any organisation without the need for a security expert.
The constant barrage of patches and updates that come from Microsoft, Apple and Android is exceedingly annoying.
In fact they can have an impact on business.
The reason that they are produced is to protect the operating system.
Patches are developed because someone, somewhere has found a way to compromise a piece of software, the manufacturer has found out about it and the software has been rewritten or changed to stop it from happening.
These changes are called patches and are BENEFICIAL to you. Every organisation needs to have a process to implement those updates.
Passwords have to meet 3 requirements.
They have to be complex: any character on the keyboard can and should be in a password. Letters, numbers and symbols, all mixed together, create a complex password.
But it does not stop there – they also have to be unique, different for every digital location, and they have to be longer than 10 characters.
We used to specify 8, but changes to technology and the speeding up of processing power have reduced the time needed to crack an 8-character password.
2 factor authentication
Any additional protection to data is a good idea.
Two factor authentication relies on three things instead of two to access the information.
It is additional to username and password and is only triggered if the combination of the first two is correct.
In today's world, we all have a mobile phone, and this is used as the two factor authentication process.
User name, password and a code delivered to your phone means you are verifying who you are.
Separate and segregate data.
I can think of three areas in any organisation where information needs to be separated.
Email, financial data and trade secrets have separate requirements within an organisation.
You do not need to have everyone access financial data.
In the old days it was called compartmentalisation, or need to know. Today it is still very relevant.
Train and educate everyone
There are many free or inexpensive training and education programs available to suit any organisation.
Training needs to be focused on the individual.
Everyone needs to understand why the organisation is protecting the data, why certain things are done in a certain way but, most importantly, why the organisation is trying to protect its staff, clients and finances from the bad guys.
Back it up.
You never know when you are going to experience a cyber event.
You have to know what information needs to be protected, how often it is accessed and what will happen to the organisation if that information is compromised or lost.
This should be part of your business risk management plan. (You do have one of those?)
The other part of backing it up is to test it.
All of these can be done without the aid of a professional cybersecurity expert.
There is one additional tactic.
The bad guys are everywhere.
They target you, not because you have something worth stealing, but because you are connected to the digital world and you think that is a good idea.
The days of the gentleman cyber criminal are well and truly gone.
Everyone is out for themselves and even a basic hack, malware attack or cryptovirus can shut down your organisation.
Cybersecurity is your responsibility!
Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.
He is the winner of the worldwide 2018 Cybersecurity Educator of the Year award and was runner-up in 2017.
He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercrime, Cybersecurity and the hacking techniques used by the digital criminal.
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI. He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.