If you weren't already aware of how important it is to get cyber security right, there have been plenty of reminders lately. It seems that practically every week, another high-profile data breach hits the headlines and we recently saw the Information Commissioner's Office (ICO) announce its intention to impose multi-million pound fines on both the Marriott International hotel group and British Airways for major breaches that came to light in 2018.
Earlier this year, new research from IBM Security revealed that the cost of data breaches is rising steadily across the world, with organisations in the UK suffering losses of up to £2.99 million per data breach incident. Of course, the fall-out from these incidents isn't limited to financial loss; they can have a devastating impact on reputation too. Limiting exposure to risk is essential – for businesses of all sizes.
I work closely with over 80 digital and tech companies based at Platform here in Leeds. Cyber security is paramount to these businesses. Their operations centre on data and coding and they rely on secure, fast internet access. But we also help our customers to mitigate risk by connecting them to experts to boost their awareness of best practice cyber security.
Hackers are becoming more sophisticated and there is a wide range of threats to data security at play, from human error to phishing, cyber-attacks and ransomware, so businesses need to tighten up their cyber security approach.
But how should you go about putting the right approach in place for your company? Here are 10 top tips:
1. Never think you’re too small. Data breaches can affect all firms, regardless of size.
2. Educate your employees about how to recognise, avoid and protect themselves from cyber threats – but don't over-complicate your communication. Make it easy to understand and relevant to their role.
3. Encourage your workforce to be vigilant about everything. It is human nature to be trusting but don’t be - that’s what hackers rely on. Look out for suspicious online behaviour and if in doubt, report it immediately.
4. Ensure workers are keeping their professional and personal online lives separate. For example, work email addresses should never be used on personal websites.
5. Make sure all laptops and devices being used outside of the office for home working etc. are encrypted.
6. Make sure you have multi-factor authentication in place; a password isn't enough anymore.
7. Be wary of online business platforms, such as Microsoft Office 365, which can become vulnerable to cyberattacks if not properly protected.
8. Check and validate your supply chain. Make sure your suppliers do their due diligence and are protecting data too.
9. Don't over-engineer your CRM systems, as downloading data increases the risk of a data breach.
10. Get the basics right and you'll stop the breaches!
Too few companies are prepared for a breach to take place. Responding quickly and efficiently to a breach can help to contain the impact and prove to the regulators that every effort was made to address the situation.