Handling Your Cyber Security
Cyber Security commonly refers to protecting networks, programs and systems from any sort of digital/cyber attacks. While it’s important to take steps to protect your IT infrastructure, cyber security is increasingly about ensuring high security awareness among your employees as well.
Cyber attacks are a regular occurrence for small businesses. If successful, they access, control and destroy your sensitive information. It’s nothing new, but it is becoming more common and more sophisticated. The stakes are also getting higher as we become more reliant on technology for our personal and professional lives.
It’s not only yourselves and cyber criminals who are interested in the security of your network. Your vulnerabilities could impact your vendors, clients, customers & your insurance. Your company’s goal should be to protect itself, its partners and its employees to the maximum extent possible against security threats that could jeopardize its integrity, privacy, reputation and business outcomes.
While you can never fully eliminate the threat, with some smart planning you can make yourself a difficult target. Doing so will drastically reduce your risk of being the victim of a cyber-attack.
FunctionEights 5-step plan for protection
Identify risks and potential points of weakness in your setup
This step includes setting up a documented information security policy for each of:
- Assets, Annual Review, Access Control, Email, Internet, Antivirus, Remote Access, Firm & Public Wifi, Outsourcing, and Data Destruction
Implement the protection of your network and information
This is the part where the company plans a cybersecurity risk management program for its users:
- Employee training and written guidance, documented incidence response plan, clearly segregated access to data
By implementing a number of procedures and controls, cybersecurity risks to the Firm will be significantly reduced.
Understand the risks associated with third parties
We would work with you to:
- Do a thorough assessment of third parties cybersecurity
- Setup network segregation of third-party access/content
- Control third-party network access
Create a disaster recovery/ business continuity plan
The business continuity plan is designed to help enable you to meet your existing obligations to clients and counterparties in the event of an emergency or significant business disruption. This would include:
- A continuity and recovery plan
- Communication with employees & investors in the event of a disruption
- Safety procedures and top-down communication chains
- Redundancy of mission-critical systems
- Back-up trading and operations site
Set up an incident response plan
Some things to consider in this plan:
- Managing the preparation/ discovery/ detection phase
- Event acknowledgment & initiation process
- Deployment of personnel
- Resolution process
- Security event reporting procedure
Frequently asked questions
It’s a breach that infects and blocks a computer system, often encrypting valuable data. The attacker then demands money to free the system and decrypt the data.
Make sure your employees are properly and regularly educated (cybersecurity awareness training).
Ensure there’s a back-up and recovery plan for data residing on your computers and server. In the unfortunate event a breach will happen, at least you will still have a copy of your latest data.
In this type of attack, attackers use fraudulent emails or other messages to trick victims into taking an action such as revealing personal data or passwords.
Make sure your employees are properly and regularly educated (cybersecurity awareness training) on how to spot and avoid fraudulent emails.
Invest in some email security software such as Mimecast.
1. To protect your company, we would strongly recommend to setup Multi-Factor Authentication (2FA) for all your employees, where a password needs to be verified on your device in order to be successful. It may be as hassle for some at first, but it will for sure protect your organisation and employees. against many possible threats.
2. Make sure all your employees have professional Anti-virus Protection software on their computers. Make sure this is regularly monitored and updated to the latest version.
3. Make sure you do a regular back-up of your company files.
4. Use strong passwords. There is a reason why larger companies force you to choose more complicated passwords with a mix of letters, numbers, symbols etc.
5. Don’t use Public Wifi.