In May 2017, the Economist ran a piece stating that “the world’s most valuable resource is no longer oil, but data.” For data-rich organisations – such as those in the alternative investment sector – the reality is that the soaring value of data has increasingly made every business a target. Today, it is not just huge enterprises with vast resources that are vulnerable but small and medium sized firms too. This shift in focus is reflected in the statistics – 45% of small businesses and 66% of medium sized businesses experienced a security breach in 2016 – 2017 according to the Government Cyber Security Breaches Survey.
The Cyber Security Breaches Survey also identified the most common types of security breaches experienced by businesses overall. Fraudulent emails (for example, phishing) were the source of the most typical breach, followed by viruses and malware, people impersonating the business online and then ransomware. These represent the areas of most vulnerability for businesses and the key risks to address in security strategy.
Creating a security-first culture
A significant proportion of the most acute risks for business are linked to human factors. Staff who click on phishing links or accidentally download malware that infects an entire system leave any business incredibly vulnerable, especially where there is sensitive data at stake. Those looking to improve security should start with the people within the business. Creating a security-first culture begins with training in IT systems and educating everyone with access to the network in how to spot the signs of potentially fraudulent or dangerous communications.
Key steps to overcoming business security threats
Set an example. Cyber security is the responsibility of everyone. The consequences of a breach will affect every single person in the organisation and it is important that this is an awareness all staff have. The most effective way to implement this mindset is to ensure that those at the top set the example.
Spend time on disaster recovery planning. The ostrich approach does not work for fighting cyber crime – if a breach occurs then pre-planned disaster recovery will be essential to minimise the damage, both financially and reputationally. Disaster recovery planning plays a crucial role in awareness and preparation, as well as ensuring business continuity.
Prioritise protection. Protecting data is the top reason most businesses spend money on cyber security. So, it makes sense to separate out data to ensure that there is a safe distance between the location of a potential breach and the most important data. That way, should the worst occur and the business systems become entirely compromised, the data remains separate and secure.
Invest in IT. The quality of IT infrastructure plays a big role in the level of security it provides. Device management, encrypted data and passwords, restricted access, firewalls, data back ups, malware protection and ensuring software is always patched and up to date are just a few key features of a strong IT infrastructure.
Failing to overcome security threats can have serious consequences, from loss of files, to reputational damage and court action. At netConsult we specialise in IT for the alternative investment sector, in creating the right infrastructure and keeping it secure. Contact our specialists to find out how we could improve security for your business.
Author: Laura Zverko - Follow us on Google+