Modern organisations use and need access to today’s technology but understand little of the actual underlying systems.
This creates a huge problem for the cybersecurity of the organisation.
With due diligence to the fore, you would think that implementing a cloud solution would be relatively easy: everyone is doing it and, of course, it will make the organisation more competitive.
But will it?
Today’s organisational technical environments are a hash of unrelated systems, each needed to fit a niche requirement, combined with the least available spend and the best return available.
It is no wonder that interoperability becomes a huge problem when combined with the cybersecurity aspects of protecting the organisation.
Now tie that in with the business compliance requirement and you can see how big a problem business security becomes.
There are a number of strategic requirements that can be used to make the organisation more secure.
Teach your children well. Never mind the children, teach your staff an understanding of cybersecurity and of securing your business. Your staff are usually the first line of defence and the last line of resistance.
They will see something happen, open an attachment or follow a malicious link, and they need to be able to recognise what they have done and then do something about it.
For example, they should realise that they have gone to a malicious website and unplug the network card.
Invest in the best.
The newest operating systems and applications, the best firewall you can afford to buy, the most secure wireless and VPN system.
They are all important in protecting your organisation.
But they all need to be updated and patched as required.
Who has access to what, and what can they do with it? Where is it stored, and have you got a backup of all critical data?
Those questions are all part of the risk management component of an organisation.
When it comes to risk and data, always err on the side of the best protection that you can afford.
Restrict access to systems.
Need to know: yes, it’s an old saying, but it still has currency in today’s world.
Make it a rule that no administration account has access to the internet or has an email account. These are the primary attack vectors for a cyber criminal.
Policies, procedures and processes
Build them and they will protect your organisation. There is a fine line between over-restrictive and non-existent.
All of the three P’s should be designed to support business functionality.
Back it up
No matter the expense, an investment in a backup strategy, a disaster recovery plan and a business continuity plan can mean the business will survive a silly mistake.
No matter the situation, a decent strategy around recovery will save you every time.
Your organisation can come to a complete stop with one interaction with a dedicated bad guy. Make sure that you are not exposing your organisation to that problem.
Everyone within the organisation has a requirement to look for the signs that indicate a cyber attack.
Use them, educate them and make sure that everyone knows that the requirements are within their job purview.
Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.