Cyberattacks, data breaches are amongst the most pressing problems CISO face across the companies (small, medium or large) around the world. Yet despite the incidents being reported more frequently and more awareness about the danger there usually is a lacuna which causes havoc.
There are simple protocols which must be followed all the time to maintain safety, prevention is the only cure.
Here are 5 important points to keep in mind-
- Having no back-up plan at all- It is important because attack can happen to anyone and at any time. When an attack happens, you must go through the steps of blocking unauthorized access, blocking malware, closing ports or exchange servers, changing passwords, firewall filtering, and on and on. It requires substantial time (read days) to complete the process and it is important that during the process there is response team which is much beyond just the IT, the business should go on as usual with alternative working arrangements.
- Trying to do it all on your own- There is a shortage of quality information security experts and collaborating with a managed security expert is a sensible step.
- Believing that Attacks are fanfare sort of event- Attacks don’t happen out of the water. A hacking might happen weeks or months before the real attacks is carried out. The hacker would also disguise as an ethical entry into the system. A very good early warning system becomes really useful in this situation.
- Failing to run regular test and trainings- Regular vulnerability tests, security awareness training is a good start point to make security a part of the company culture. When everyone in the company understands the repercussions,there is a more secure environment with less chances of breach.
- Not backing up data regularly and not updating the security software’s- This might sound cliché but a lot of security professionals miss out on the regular backup on regular intervals since the event of attack is a red-swan event which might occur once in 5 years or so. Hence there is a lack of urgency which can be a problem if that one day happens just before the backup is due.
All the mistakes can be avoided. This way companies can improve the probability of being secure online. It is impossible to stay away from internet as lot of businesses are moving to cloud and remotely logging in from multiple devices. Hence small good practices can go long way!