Cyber Safety: How To Get The Basics Right

Ever thought about the cyber safety of your business? Considered how a cyber attack could cause the loss of your customers’ data and impact your reputation?

To protect your business it’s vital to have a cyber policy in place that supports your organisation to get the basics right. The foundation of all good cyber security planning is to allow your business to think about what would happen and the practical steps that need to be taken to deliver the best cyber response.

Cyber safety for small to medium-sized enterprises (SMEs) is vital in today’s world. We need to do whatever we can to safeguard our information from the likelihood of cyber attacks, ransomware and disruptive technologies, such as the Internet of Things (IoT).

That way if a cyber attack then ever occurs, your organisation is prepared with a plan so that it remains in a calm place and has a process to follow to effectively work through the incident in a way that causes minimal impact to your business reputation and customer data.

Cyber threats for SMEs can be broken down into key areas:

  1. Loss of systems
  2. Lost of websites
  3. Loss of information

A recent survey concluded that as many as 60% of small businesses do not survive past six months after a cyber event on their systems, mainly due to the cost of recovery. It is a growing issue – in the past 12 months 61% of small to medium-sized enterprises (SMEs) in this survey had experienced a cyber attack. The most common cyber crimes against small businesses are phishing and web-based. However, it is becoming increasingly more targeted and sophisticated.

CERTNZ – the organisation charged with receiving information on data breaches in New Zealand – reported that in the second quarter of 2018, they received 736 reported cyber breaches or attacks. However, even more interesting, is the statistic that of those attacked 507 were from businesses – an increase of 143 percent on the previous quarter.

So, how do know what to do to keep your business cyber safe?

It’s all about getting the basics right and becoming cyber literate. Practical cyber security planning is knowing exactly what you need to do before an incident happens so you are ready to take care of your businesses two most important assets – your customers’ data and your company’s reputation.

You might not want to think about planning for unplanned events but having a cyber policy allows you not only to get the planning right but also significantly reduces the opportunity for any event to happen in your business.

As an organisation, this requires running through key considerations, such as what will happen if our business is targeted in a phishing attack? What if it is ransomware? How will we respond? Where are our passwords stored? How are they protected?

ResilienceTec’s first cyber security module walks your organisation through a process of building its cyber security policies. It is a step-by-step guide to improving the understanding of cyber risks and to minimise risks of human error or malicious intrusion. This includes the development of a password policy, email policy, payment policy, staff cyber training policy and many more.

Many of customers say that the most important step for them is that building their cyber security policy opens up a conversation in the organisation. It changes the culture in the business so that everyone feels ready and prepared.

The second ResiliencTec module is a cyber security response plan, with practical guidance on what do in certain cyber events, such as a phishing or ransomware attack.

Getting prepared to survive a cyber attack doesn’t have to be a scary process. It can be easy and simple but in today’s world is an absolute must.

According to the Federal Emergency Management Agency (FEMA), more than 40% of businesses never reopen after a disaster, and for those that do, only 29% were still operating after two years. Those who lost their information technology for nine days or more after a disaster faced bankruptcy within a year.

Leave a Reply

Your email address will not be published. Required fields are marked *