If you are like most owner-managed companies, the internet is an indispensable tool for success in today’s digital economy. Going online allows you to communicate with current customers and reach out to new ones to grow your business.
Of course, this is old news – but what people fail to think about is that being online should go hand in hand with being safe and secure.
As a business, you owe it to your customers, suppliers, and employees. But most of all, you owe it to yourself. What are the consequences of not being cyber secure? The cost in both time and money can destroy in a few minutes all that you have created and worked to build up over many years.
Cyber security is about protecting your information, which is often the most valuable asset a business will own.
What are the 3 fundamental goals of cyber security?
(a) confidentiality – any important data you have should only be accessible to the people or systems to which you have given permission;
(b) integrity – the assets themselves and the information they contain must continue to be complete, intact and uncorrupted; and
(c) availability – all systems, services and information must be accessible when required by the business or its clients.
To achieve and maintain these goals, good cyber security requires:
(i) determining the assets that are so important to the business that they need to be kept secure at all times;
(ii) identifying the threats and risks;
(iii) identifying the safeguards that should be put into place to deal with these threats and risks;
(iv) monitoring the safeguards and assets to manage security breaches;
(v) responding to cyber security issues as they occur; and
(vi) updating and adjusting safeguards in response to changes in assets, threats and risks.
How do you determine which are your most important assets? It’s especially hard when they are all called upon in the course of a day or a week to perform functions on which you depend.
Every business will answer this question in its own way, but any analysis must include the assets without which the business could not operate if a threat took them down for any extended period.
The term “threat” refers to any potential danger to the business, its assets or employees. Some of these threats can come from nature, like a fire or flood. A simple solution to natural disasters is to refrain from storing all your eggs in one basket, or to diversify your portfolio. Basically, you should have a proper business continuity plan.
But threats are most likely to originate from individuals inside or outside the organization. Whether it’s cyber criminals maliciously attacking you with phishing emails, malware, ransomware, or social engineering attacks – or your employees “accidentally” deleting crucial data, it’s imperative to have the right safeguards in place and to keep your staff alert with cyber security awareness training.
Safeguards are anything you can use to counter threats and reduce risk. They can be either software or hardware, but most importantly they are management policies and specific procedures for everyone in the organization to follow, including clients.
A big part of cyber security involves being alert to things that seem to be “out of the ordinary”. Employees must always feel that they can report security concerns, observations or questions to someone in authority who will listen to what they have to say, document what has occurred and take appropriate action.