What do you picture when you hear the word cybersecurity. Most likely, something distant that only “big companies” should be concerned with. In 2019, multinationals and governments such as Toyota Australia and Singapore’s Ministry of Health have experienced data breaches. Such security breaches can impact any company, big or small, that uses computers or mobile phones. Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing or destroying sensitive information, extorting money from users, or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative. In fact, during the first half of 2018, the number of cyber breaches soared over 140% when compared to 2017.
As reported by Gemalto, there are 3.3 billion compromised data records worldwide. As small and medium enterprises are included in the statistics above, the threat is very real in the cyber landscape. Organisations must then have a ready framework to guide them in dealing with both attempted and successful cyber attacks. This framework essentially acts as a guide for you and your employees to identify attacks, protect systems, detect and respond to threats, and recover from successful attacks.
At PikoHANA, cybersecurity is of paramount importance. During Q1 of 2019, the company engaged a professional services firm to test the security of PikoHANA’s cloud technology against digital threats, which is also known as a ‘penetration test’ or ‘pen-test’. In addition, other than just paying attention to external threats, it is equally important to consider cybersecurity risks from an internal standpoint as well. Organisations may want to consider having data loss prevention (DLP) controls and security and privacy awareness programs in place to improve recognition and reporting of suspicious activity.
Measures organisations should take immediately:
• Educate employees on cybersecurity. This should include not only procedures and practices, but also how to report incidents and react to threats.
• Back up critical information. Employ the latest technology along with time-tested practices to ensure that critical data can be accessed after an attack.
• Secure your internet connections. This can be achieved with the use of effective and regularly updated software designed to prevent or minimise security breaches (e.g. anti-virus and anti-spyware).
• Know your partners. Almost every company collects some form of user data. Keeping this data protected is one of the most important aspects of any security strategy. Always ask any prospective service provider about its data security measures. You cannot rely on someone whose confidentiality cannot be trusted.
• Create a contingency plan. Put cybersecurity procedures and practices in place (e.g. effective passwords and security access requirements) and be sure employees rigorously adhere to them.
In thinking about cybersecurity for your organisation, there is a need to consider the sensitive assets that malicious hackers are after, and not the size of your company.