Cyber security is everyone’s business.
Every level matters
Cyber security is not just your IT department’s problem. This brief guide outlines the importance of educating every single member of your team on the:
- Compliance-related rules and policies around ensuring cyber security and managing cyber risk.
- Operational requirements, rules, and policies for ensuring cyber security and managing cyber risk.
Creating easy-to-use guidelines and solutions that offer your business a robust cyber security framework is imperative to ensure the successful adoption and implementation of your cyber security plan. The fact remains: you can have the strictest network protocols, the most dazzling of security procedures, and the highest level of verification mechanisms attached to your office door. But all it takes is one person with a memory stick, or a simple laptop theft, to expose your business to extreme risk. Most cyber attacks nowadays rely upon some level of human interaction to be successful. Phishing attacks, for example, work because they are created to fool even the most critical of eyes into believing something is authentic.
Every level has the appropriate privilege
Defining the level of access a member of your team will have to your company assets and information forms part and parcel of their job description. For example, a filing clerk may not need access to the CEO’s email account to ensure they’re doing their job well. Alternatively, the head of your IT department may be responsible for helping your Human Resources department maintain their online systems, but that doesn’t mean they need to know how much your CEO’s trip to a conference in Hawaii cost. Similarly, your cleaning department does not need to take a laptop home every day, just so they can catch up on emails.
Tokenised access systems
Defining the level of data or asset access is important, but ensuring those access privileges are maintained and can be revoked if required is just as vital. Tokenised access systems, including fingerprint verification systems for your office door, or one-time password services for your network configuration tools, can be used to ensure a relatively robust level of cyber security.
What matters the most with Cyber Security
A cyber security plan is not a once-off project. Instead, it must be built, implemented, and then maintained or expanded so that it stays adaptable and responsive to changing business needs. For that reason, we recommend you focus first on the mission-critical aspects of your business, securing the assets and information your business relies upon the most.
Verify, then trust
Authentication mechanisms are not purely for computer-based use. Instead, authentication mechanisms can take on the form of showing an identity card to your security guard at the door or creating critical guidelines for how passwords and usernames are to be created by end-users. Every policy and procedure for the appropriate employee or team member must be shared, understood, and adopted by everyone. This will also include authenticating and verifying the access and use by third parties, or external service providers.
Adopt and review
Verification techniques are great tools, but people leave jobs, equipment may be lost, and projects end. Establishing solid procedures to review access and ensure it’s still required must form part of your cyber security plan.
Personal data and Cyber Security
The buzz around personal data security has never been louder. And, as a business, you’ve got to take notice. Personal data, including employee records and other important information as well as customer and third-party data, is a deeply regulated realm. Avoiding or forgetting to comply with the relevant legislation can be a death knell for your business. Establishing an effective cyber security programme that ensures your business remains compliant at every turn is not just the job of your IT department. Cyber security is everyone’s business, so make sure it’s part of everyone’s job.
Conducting a thorough assessment of your business’ needs and how to educate every member of your team is important. ProPrivacy can help. Let’s chat.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher and also holds qualifications in computer science (Bachelor of Science in Artificial Intelligence Programming) and in electronic and intellectual property law (LLB). She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in organisations of different sizes and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person who enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.