Cyber security isn't something that can be delivered and fitted and then never thought about again. This isn't something like new window locks. Yes of course, technology plays its part in your cyber defence strategy, but it doesn't end when the firewall has been fitted and configured, nor when the server has been hardened and patched.
Cyber security is a journey and you never get to the destination. It is all journey.
If you have the best technological defences built upon the newest and smartest hardware and software solutions, that's great.
As far as it goes.
It would definitely give you a security boost. But you won't be getting the best out of that new equipment without careful configuration and setup, and its effectiveness will dwindle quickly if it is not patched at the firmware level, used to its best advantage, and monitored and maintained so that the information these devices provide is used in decision making.
Our customers can outsource those work items to us, but we still need engagement and quality time from the decision makers within the business. We can certainly look after it for you, but you're on the team too. And you have to play your part, just like the rest of your staff.
Ensuring that the staff who are going to use your IT do the right things, consistently, requires processes. Without formal, written processes and robust IT governance, all you have is tribal knowledge. If your policies and procedures are written, shelved and ignored, you don't have a system in play. You may have a system, but no one is following it. That equates to a free-for-all, and a waste of the time spent writing the procedures.
And worse, it threatens your cyber security, which threatens your business.
Staff need to be aware of the duties they must perform, the responsibility they have for your IT equipment, infrastructure and data, and how to spot and deal with common threats.
Policies need to be introduced in a way that explains the necessity for the procedures and the benefits they bring. Without staff buy-in you're fighting an uphill battle. You need to foster a security-minded culture based on healthy caution. Think first, click second.
Cyber security is like a three-legged stool. You need all three legs if it is going to have a chance at success.
Your defensive stance on cyber security must contain pro-active defensive countermeasures that are applicable, effective and appropriate to your business, your budget and your level of risk. They must also be reviewed frequently to ensure they are continuing, collectively, to provide the protection and safeguards you require.
In a 2018 survey of 1,200 organizations, 74% felt adherence to compliance requirements is either ‘very effective’ or ‘extremely effective’ at increasing cyber security. Compliance with standards is a major contribution to achieving and maintaining a strong level of cyber security. Standards, through their application of controls, policies and procedures for staff, encourage a culture of security, and provide something for staff behaviour to be targeted at, and measured against.
Standards and compliance include your own internal procedures, not just those for PCI-DSS or Cyber Essentials. Password Policies and Fair Usage Policies, for example, should be in place whether or not you adhere to a formal standard.
The importance of staff training cannot be overstated. Careless or uninformed staff are credited with inadvertently facilitating 57% of the successful cyberattacks in 2017, and 36% of attacks had phishing or social engineering elements, which directly target staff. Pro-Networks can conduct comprehensive and engaging training sessions with your staff. The training is designed to:
Cyber security is a team sport, and it requires a team effort. Because cyberattacks are a dirty game.