Page 55 - Cyber Warnings
browsing” culture can keep staff vigilant about suspicious links or email scams. Enforcing regular
password changes and implementing security measures to keep data safe is useful, but
remember that if you make it too difficult, staff might find workarounds that compromise the
security that these measures are supposed to enhance.
For example, if they have to change their passwords too frequently, they may write them down
on a notepad and leave it lying around, and if they have to go through an overly complex
process every time they want to access their files on the server, they may store them offline or
on external storage devices, saving everything to the network at the end of each day.
5: Have a plan in place for recognizing and dealing with cyber attacks
Of course you want to have measures in place that will ensure you avoid a cyber attack, but
however safely you and your staff are behaving, the unthinkable can always happen. If it does,
you'll want to make sure that you have a process in place for minimizing the threat and returning
to normality as quickly, painlessly, and cheaply as possible. One thing you can do to this end is
to have a way for staff to alert the relevant person if they're concerned that a breach may have
occurred or that something doesn't feel right.
This could be an emergency phone number that is publicized around the office. If an attack
happens, you'll need to make everyone aware of it as quickly as possible, and have a procedure
in place that will ensure everyone knows what they should and should not do. An internal
communications plan will enable you to get information to the people who need it. It's also
useful to have a PR strategy so that your people know how to respond to questions from press
and stakeholders to maintain a responsible public image.
Unfortunately, we live in an age where there will always be people targeting your business, and
it's vital that you protect yourselves against them in any way possible. The best way to keep
your business safe is to make a commitment to educating your staff and making sure that
they're aware of the security threats their activities can present, the scale of damage that can be
caused by simple mistakes, and what they can do to minimize the risk.
About the Author
Asher de Metz has approximately 20 years of experience in the cyber security industry,
consulting to some of the world’s largest companies in all of the top vertical markets. Starting in
London, he has worked across Europe and the Middle East, and has spent the last 8 years in
America working for Sungard Availability Services, where he runs the Technical Security
Practice.
55 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide