Cybersecurity in your business starts with you

As a business owner in the digital age, one of the best things that you can do to gear yourself for the future of your industry is to learn how to protect your business and its interests from cyber threats that could lead to damages on a large scale.

One of the most frequent minor inconveniences we face in the modern age is waiting for a program to update before we can use it again. You might find it frustrating if your anti-virus program wants to perform an update every other day, but these updates are vital to your continued safety.

These updates are necessary as every moment that goes by is another moment in which a cybercriminal is attempting to exploit vulnerabilities in the digital universe. In fact, everything we know about cybersecurity right now is already outdated. Do not let it come as a shock or induce panic, though, as there are many practices/steps that you can implement to essentially eliminate all cyber-threats to yourself and your businesses.

1. Start with yourself

The best leaders learn before they teach others to follow. This is not to say that you need to learn everything there is to know about cyberinfrastructure and cybersecurity before you start speaking to your employees about it. But the only way that those in your employ will trust you enough to listen and take to heart what you say, is if you lead by example.

Take time to familiarise yourself with cyber threats to your business. As a business leader, you are best equipped to identify the areas of your business most susceptible to cyberattacks. Once you have identified the most valuable information your business possesses, you can ramp up your security measures in the right areas to repel or prevent attacks against your company.

2. Focus on re-learning

As people who have grown up in a society where technology has grown in leaps and bounds over the years, we must not be as naïve as to think that what we knew 10 years ago is still as valid today. Cybersecurity, from now until the indistinct future where we transcend the need for a digital world (which will not be anytime soon), will constantly need to be revised, unlearnt, and re-learnt.

Therefore, from the outset, it is necessary to take a systematic approach to cyber education that constantly revises its practices and implements new safety measures against the multiplicity of threats out there.

3. Know about the array of cyberthreats out there 

To be best equipped for a cyberattack, you need to be aware of the various avenues for attack that exist and how these points of attack may present themselves to your business.

• Web-based attacks 

Web-based attacks make up the largest proportion of all cyberattacks (49%). These attacks are conducted while you are browsing the web and can take a variety of forms: from clicking a hyperlink to a malicious website, to enabling malicious web-scripts, to inadvertently installing malware.

• Phishing 

The second largest proportion of cyberattacks (43%) is phishing attacks, which often starts over email. Phishing is a method of cyberattack by which cybercriminals entice you to divulge sensitive information while purporting to be reputable sources.

• Spoofing 

Spoofing is when someone or something pretends to be something else in an attempt to gain a victim’s confidence, get access to a system, steal data, or spread malware.

• Malware 

Malware is a kind of malicious software that compromises a network/device/system. These include, but are not limited to, adware, viruses, trojan horses, and spyware.

4. Put the infrastructure in place to minimise your risk

As cyberattacks become more sophisticated, so do anti-virus programs (and other cybersecurity tools). Make sure you have the kind of infrastructure in place to maximise your security. Here are some considerations for improving your cybersecurity:

• Implementing firewalls between datapoints
• Investing in reputable (paid) anti-virus/anti-malware solution
• Encrypting the data you store on your servers

• Installing a Virtual Private Network (VPN) on your devices

5. Teach your staff cyber (street) smarts

The vast majority of cyberattacks require at least some kind of human interaction for it to be successful. While your infrastructure can do a lot to minimise risk, it can never eradicate it. That is why you need to invest in continuous staff training. Make sure to include cybersecurity training as part of your onboarding processes, while continually helping your staff make the best decisions while working online.

Cybersecurity smarts are not only worthwhile in the office, but they are also becoming a necessity outside of the office. Promoting cyber-security as a habit could go a long way to protecting your employees and company no matter where they are.

6. Test your security

One tactic that many companies have been using to assess their risk of cyberattacks is that of co-ordinating mock security breaches in which employees are targeted with a cyber ‘threat’, which demands a response from them. Those who fail the test must be alerted to the real damages that could have been borne from threats to security and what the consequences of their actions may have been if there was a real security threat. Although it may seem a little drastic, it could very well serve as a much needed wake-up call for those who are naïve in their online activities.

References

• https://purplesec.us/resources/cyber-security-statistics/
• https://www.techrepublic.com/article/how-to-make-your-employees-care-about-cybersecurity-10-tips/
• https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-them/

This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your adviser for specific and detailed advice. Errors and omissions excepted (E&OE)