5 Steps to Implement a Cyber security Programme in Your Company

Consider these facts:

  • In 2015, PwC estimated that cyber crime costs the global economy over $400 billion annually
  • Also in 2015, Symantec found that over 30% of phishing attacks were launched against firms with fewer than 250 employees
  • In 2017, Accenture found that, worldwide, the number of security breaches in organisations increases by 30% every year

As business becomes more reliant on applications and devices using the Internet, social media and smart technologies, organisations are more vulnerable to cyber attacks, especially if they have a weak (or non-existent!) cyber security defence strategy. Breaches, which may be launched by hackers, criminals, company insiders or even rogue nation states, may cause severe losses and have many long-term repercussions. Many organisations and business leaders now believe that in today’s business and technology landscape, cyber crimes are not just likely but inevitable.

Still think you don’t need cyber security for your firm?

Here are 5 strategies to consider before you start implementing your cyber security programme:

#1: Don’t re-invent the wheel. Check what other companies in your industry are doing

You’re not the first company implementing cyber security and you definitely won’t be the last. Talk to your peers, colleagues and industry connections to discuss challenges, best practices and next steps. Network with cyber security experts and ask them for their recommendations. If you are new to cyber security, consider joining regional, national or international cyber security networking groups.

#2: Research available frameworks and choose one that works best for your firm (or your industry)

No one wants to fail a compliance audit, but focusing on a checklist of ‘Dos and Don’ts’ to avoid an audit failure is a myopic solution that may not always work. Think ‘framework’, not ‘checklist’. Compare the various cyber security frameworks available, such as NIST NCFS, ISO, CIS, COBIT, etc., and implement the one that helps you apply appropriate control measures to suit your firm’s particular needs.

#3: Make cyber security part of your firm’s ‘language’

Cyber security cannot be a one-person show, so make sure that everyone is held accountable for various aspects of your cyber security programme. Educate all employees on your company’s cyber security policies and best practices. Collaborate with other departments to identify issues, document policies and implement procedures. Get the buy-in of management and key decision-makers, and then design processes to ensure that everyone is performing their respective tasks.

#4: Use a firewall, install anti-malware and enforce firm-wide password security practices

These may seem like obvious ideas but many firms miss them – to their detriment. Set up a firewall to provide a barrier between your data and cybercriminals. If possible, install internal firewalls to provide additional protection. Employees working from home might consider installing firewall software for their home networks to ensure compliance. Install anti-malware software on all devices and the network to mitigate phishing attacks. Be sure to also back up all data. Ensure that employees use strong passwords and change them regularly.

#5: Measure the results, share information and tweak the programme if necessary

It’s highly unlikely that you will find a ‘plug and play’ or off-the-shelf cyber security programme for your firm. Therefore it becomes even more important to measure as many aspects of the programme as you can and to share that information with relevant stakeholders on a regular basis. Understand what you need your programme to do and what it can do, so you can measure its performance and make adjustments wherever necessary. Cyber security must be a dynamic process, not an implement-once-then-forget-about-it item on a checklist.