Cyber-attacks are evolving at an alarming rate and can affect anyone. With the current threat level at its highest, how can we keep ourselves and our customers cyber secure?
Knowledge is power, and understanding your organisation’s security posture, although no trivial task, is a crucial starting point for any business serious about protecting itself from cyber-attacks and potential security breaches.
With 2018 just around the corner and the potential for a whole new breed of security breaches to affect organisations all over the world in the New Year, we have put together 4 essential questions businesses should ask to determine their current security posture, to identify any gaps and to prepare for 2018.
1) What are the most important data assets to the business?
A vital task of any security team is to identify what data is most critical to the business and where that data resides. After all, if you don’t understand what data you have, how can you know what to do with it and how to go about securing it? A strategy designed to protect the data is a must for any business holding sensitive information and the fundamental controls below are essential to achieve an efficient data security strategy for your organisation:
- Enforcement of encryption on all endpoints
- Deployment of anti-virus, anti-spam and anti-malware software
- Regular backups of files
- Deployment of a multi-factor authentication solution to securely manage data access
2) What security controls do you currently have in place and do they meet compliance standards?
An internal audit of your current security controls, including hardware and software solutions and any security services outsourced to a third party, is another key task IT teams should undertake to get a clear understanding and grasp of their security posture.
You should also ask the question ‘how well patched are our IT systems?’ Many successful attacks take advantage of known security vulnerabilities, so a rigorous patching policy can significantly reduce your attack profile.
The General Data Protection Regulation (GDPR) coming into effect on 25th May 2018 will bring a set of new regulations and obligations for companies that handle information belonging to individuals. Performing an audit of your security controls is therefore the first step towards GDPR compliance: it will enable you to understand your obligations, establish what your current processes are and identify any gaps.
To find out more about how to prepare your team for GDPR compliance and the realities of implementing GDPR in your organisation, join Zinopy & Metacompliance at the GDPR European Roadshow 2018 Dublin date on 30th January 2018.
3) Do you have an established process to address information security breaches and an incident response plan in place?
The possibility of a security breach represents a real concern for businesses of all sizes. Having an established process designed to address a security breach as well as an incident response plan in place to act on the breach should represent a crucial part of your organisation’s security strategy and posture.
The Data Protection Commissioner has approved a personal data security breach Code of Practice to help organisations to react appropriately when they become aware of breaches of security involving customer or employee personal information.
Should a breach occur, a clearly defined incident response plan can help you minimise damage, recover compromised data and preserve evidence for legal action.
4) Are your employees cyber-aware?
Security education and awareness is a crucial activity for the security team. While all the security controls you may already have in place (such as firewalls, antivirus, anti-malware etc.) and even active monitoring are great practices that your business should definitely undertake, there is another threat that even these advanced solutions can’t protect against, and that’s employees!
Employee education is key to keeping sensitive data safe from online predators. Figures show the increasing trend of attackers targeting staff, who are considered the weakest link in a company’s security strategy. You can have the best technology and processes in place, but if your staff are not alert and vigilant, they can be an open door to cyber criminals.
It’s the security team’s job to advocate and support (with the help of senior management) a security culture within the company.
While measuring and understanding your organisation’s security posture is no small feat and requires a deep understanding of IT Security, Technology and the Threat landscape, being able to
Managed Security Service Providers (MSSPs) like Zinopy can act as an extension of your team and provide your organisation with 24/7 access to the expertise and monitoring technology that secures your IT environment and responds quickly to potential security threats.