Cyber attacks are bewildering for most executives. Many of them don’t understand how they work, and as a result feel understandably powerless when faced with the prospect of one.
This leads to many companies being unprepared.
In fact, it’s reported that companies take as many as 99 days on average to notice an attack, while 44% of companies have admitted to not having a solid security strategy in place.
If you’re a CEO and unsure of how to navigate the world of cybersecurity, here are three things you need to know when it comes to the scourge of corporate hacking:
Cyber attacks are making headlines
The first thing to understand is that a cyber attack is not just an IT problem; it’s also a PR problem.
While cyber attacks have been around for many years, hacks often went undisclosed to the public. However, in light of the newly implemented General Data Protection Regulation (GDPR) and soon-to-be-implemented Protection of Personal Information (POPI), most big attacks will have to be disclosed. And that’s a threat to the trust you have with your clients.
In other words, the prospect of having your user data leaked by hackers should be seen in the same light as product recalls or customers getting poisoned at a popular restaurant chain.
Simply put, if you don’t protect yourself against the latest cybersecurity threats, your clients will punish you for it and your reputation might take years to rebuild.
Educate your executives and test your employees
While there are many great cybersecurity products and services out there, it will all be for nothing if your executives or staff are tricked into giving their passwords away.
To be fully protected means that a cultural shift needs to take place in your organisation.
And it has to start at the top, with your executives. Remember, people are your last line of defence, so invest in security training to ensure your staff will be able to spot a wolf in sheep’s clothing.
Then, once employees have been trained, you need to regularly test them and run refresher courses to keep them on their toes.
Understand what you have and use it
One of the prevailing myths around cybersecurity is that it costs millions of rands to implement.
This is simply not true.
Many companies already have infrastructure in place that just needs to be optimised and tweaked in order to block attacks.
For example, if your company already has Microsoft 365 Enterprise, you could deploy many security features without having to undergo a complete security system overhaul.
Microsoft’s latest products, such as Windows 10, have built-in security features that simply need to be switched on and configured to the business’s needs. So, the first step is to understand what systems you have, then to update them, and then to ask whether extra security is needed.
And if you still feel lost, just ask for help. It doesn’t cost much to get a cybersecurity firm to come and look at your infrastructure – it might just be a critical decision that saves your company millions of rands’ worth of damage.
• Chester is the MD of Ukuvuma Cyber Security. You can contact him at security@ictsecurity.io