I recently did a couple of posts about Cyber Crime, specifically 'Social Engineering', and how BlueCircle can help protect you, your assets and your business by helping you get the coverage best suited for your needs.
Photo courtesy of ESET Security Community
Of course, like anything else, insurance is one form of protection that will give you a bit of peace of mind if something does go sideways, but the best line of defence is always going to be education, training, and instituting processes and procedures that will mitigate the loss potential in the first place.
Here's some helpful information that I was reading in a recent report on how organizations and businesses can protect themselves from cyber exposure.
One of the first things a company can do is take an inventory of what is called "Personally Identifiable Information" (PII). It is essential to know what info you collect, why it is collected, what you do with it, where it goes, who gets to share it, and what happens to it when it gets destroyed.
This will allow you to develop an IT governance program, which will include who has access and how you will protect the information.
Number one for the latter is setting up good password practices, with protocols for creating strong passwords and for changing them regularly.
Again, there should be major emphasis on education for employees, particularly on helping them identify suspicious activity. Empowering employees by helping them understand their cyber responsibilities goes a long way in keeping the risks down.
Education on the technical side is critical too, as software updates and backups will also reduce risk. BlueCircle uses the expertise of an excellent IT company, Next Digital, but not everyone has the size or resources to bring in pros like these, so the onus falls on them and their staff to mitigate risk.
Developing a cyber event response plan is a necessity too. The ability to recognize and then react to a cyber event will make a huge difference in both the short and long term. When privacy regulators respond to a report of cyber breaches, they typically ask for the corporate governance and incident response plans, so you can see how critical this is in the grand scheme of things.