Cyber Security is everybody’s business
High profile cyber attacks hit the headlines more than ever before, and so they should. While the panic of finding out if you’ve been hacked feels somewhat prescribed for modern life, there’s no comfort to be found in complacency. It’s not just a problem for your IT Department: cyber security is everyone’s business.
Unauthorised access
Cyber security relates to your company’s mechanisms for protecting computers, programmes, data, and networks, from unauthorised access. Malicious attacks, whereby company information, important data, or even confidential memos, can be obtained without permission, are all the more common. A simple republication of a confidential internal memo via a social media post can be construed as a form of cyber attack. But, what is unauthorised access? Simply put: any time a piece of information or data from within your company is shared publicly, or with someone outside of your organisation without the required permissions, that’s unauthorised access. That data or information could be anything from an internal memo, to a complex piece of code embedded in a network server. Or, it could simply be an email password. No matter the element of data shared, the risk of unauthorised access remains the same: high.
All types of security
Cyber security also does not end with simply protecting your organisation’s digital assets: it extends to protecting and ensuring the integrity of your physical assets too. Of course, protecting physical assets, by ensuring that relevant and appropriate security measures are properly used, is an important part of your business’ facilities management mandate. But, physical security measures are not always enough, as is particularly true with our interconnected business landscape, and interpersonal communications.
Higher risk landscape
As the world has shifted its attention and effort away from paper-based communication, and face-to-face meetings, the risk of a malicious attack has risen. A simple hack into an employee’s personal email address, if it has been used for your company’s work purposes, could expose your business to an even greater cyber security risk.
The cyber security framework
There are several elements that make up cyber security. These include:
- Physical security: The security measures your company takes to ensure that no computers, printers, hard drives, consumables, memory sticks, or other equipment are lost during your day-to-day operations.
- Network security: The applications, programmes, and equipment used to secure your company’s internal network, internet connectivity, and associated networks, from unauthorised access.
- Application security: The protocols and procedures your IT Department oversees, that enable or disable the installation of programmes on to your company’s computers, laptops, printers, and other equipment. This form of operational security will have the biggest effect on your team member’s experiences with cyber security, as it affects and determines the type of programmes they use in their daily work.
- Information security: The policies and procedures that are followed to secure your company’s information, including emails, memos, product and sales information, employee data, and similarly important information. Much of this information needs to be well-protected in terms of the law, and compliance is a legislative requirement. Moreover, as personal data has become our calling card in the digital world, ensuring unauthorised access to personal information remains significantly important, and your customers will demand higher levels of it as our world evolves.
- Disaster recovery procedures: How your company is equipped to respond to a cyber attack, malicious attempts to access information, or even a simple slip-up by an employee, must be defined in accordance with relevant legislation and your business objectives.
- Company user policies: Every employee must remain compliant in their use of computers, printers, laptops, and other electronic assets. These policies may also extend to the employee’s use of personal mobile phones, as these present a potential leak threat for every company too.
Defending your company’s assets, information, and employees, from a cyber attack, should be a priority for every business, no matter how small or large. While the panic may be rising in your throat, robust solutions to your company’s cyber security problems can be easily found. Contact us for a strategic consultation, to better understand your company’s needs and next steps.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher besides holding a computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB) qualified. She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in different sized organisations and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person that enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.