
An Ounce of Prevention

12/10/2017


Using a cyber health check can reveal cyber security threats and the best course of action to minimize risk

Businesses across every industry are facing a myriad of cyber security threats. According to the 2017 Cyberthreat Defense Report by CyberEdge Group, nearly four in five respondents indicated their organization had been affected by a successful cyber attack in 2016. A full third of respondents experienced six or more breaches in the span of a year.

Some of the most common attacks include:

  • Phishing scams, intended to steal sensitive information, such as intellectual property or security credentials.
  • Malware, usually spread through infected links, may install software that is capable of stealing information or downing entire systems.
  • Ransomware, which is also typically spread through email or malicious links, will shut down or deny access to a company’s files or systems until a ransom is paid.

Information about cyber attacks can be overwhelming, making it difficult for companies to know where to begin and how to prepare against an attack. News stories focused on cyber security usually involve large companies, leading some to believe that threats only happen to the larger corporations.

The unfortunate reality is that for many businesses, it’s only a matter of time before a cyber attack happens, which could result in reputation damage and significant financial loss.

The best strategy is for businesses to invest in an ounce of prevention to understand their cyber security health. This approach focuses on implementing the appropriate protection and developing a plan to minimize the damage of a cyber attack.

Understanding the Risks for Your Business

The first step is to take stock of a company’s most valuable assets, where they’re stored, and what safeguards are in place to protect them.

  • What data or information exists that, if lost, could cause damage to the business or loss of competitive advantage?
  • How is the information stored and who has access to it?
  • What would happen if this information was lost or stolen?
  • What protections are currently in place?

This information allows for the development of an overall picture of the current state of the business and allows for the evaluation of the level of protection already in place.

Pay Attention to Your Industry

Attacks within a specific industry often reveal weaknesses that exist across the board. Understanding trends can help businesses identify the threats that may be looming.

Companies should consider working with a professional who can easily determine the greatest threats and help develop a plan for protecting the vulnerabilities within their systems.

Focus on Your Employees

Employees from across your organization can play an important role in protecting your assets. They also may be your greatest vulnerability. According to a recent CyberEdge report, low security awareness among employees continues to be the greatest inhibitor to defending against cyberthreats. The 2016 Security Tracker Survey found that 41 percent of Canadian C-suite executives and 47 percent of small business owners cited employee lack of knowledge and human error as the biggest security threats to their company in the future.

Providing education and awareness programs may not be enough. The information also has to be memorable and engaging. Bombarding employees with a vast number of warnings and advisories can lead to information overload and awareness fatigue.

Build a Plan

Despite best efforts, the risk of attack never goes away completely. Every business needs a plan to respond and react to a cyber breach quickly and efficiently. Building a reaction plan starts with understanding how an attack can unfold so that proper protocols and tools can be put in place:

  • What’s the worst-case scenario?
  • What would need immediate attention?
  • Who would need to be part of your emergency response team?
  • How will you communicate with your customers and the public?
  • Is there a back-up plan for retrieving data? Could systems and information be restored quickly and easily?
  • What business could be lost?
  • Who needs to be part of cleaning up the aftermath?
  • Would there be legal ramifications, and who should be involved to help?

The information gathered from a health check will help determine a business’ current state and identify immediate areas for improvement. The next step is to identify the priorities for protecting the business and to develop a protection and response plan.

The level of detail and the safeguards will depend on a company’s specific vulnerabilities, the impact an attack would have on the organization, and what safeguards are already in place. Without a health check, a business is left guessing about what’s needed and how to react. By building a plan before an attack happens, the tools are in place to respond quickly to attacks, both to the risks we know exist today and to the new threats that continue to evolve.

Tomorrow’s technology is shaping business today. For help conducting a cyber security health check, contact Danny Timmins, National Cyber Security Leader, at 905.607.9777 or [email protected].