Focus on hackers, not cyber insurance.
With fines of up to 4% of annual revenue for breaching Europe's General Data Protection Regulation (GDPR), companies are taking out cyber insurance in their droves. Whether insurance covers fines or not, the focus should be on staying compliant and taking hacker threats more seriously than ever before.
The best way to protect against cyber-attacks is by maintaining a trusted information security management system (ISMS) that follows ISO/IEC 27001. Having such a system keeps your information assets secure. The International Standard covers people, processes and IT systems by applying a risk management process. If you cannot take such a systematic approach, then here are a few tips to help ward off a cyber-attack.
Lock down computer equipment and make data unreadable
Secure your server rooms, use anti-theft systems on your desktops/laptops and register your mobile devices for cloud tracking. Make sure data is encrypted while it flows over public/private networks (emails) and in storage (disk).
Run a “hacker” workshop with your team and implement findings
Place yourself in a hacker’s shoes, someone who would exploit any ‘door left ajar’ to your systems. Run a brainstorming workshop with your team and identify as many points of weakness as possible, both internal and external. You’ll be surprised at how many extra door locks your team can come up with.
Remind staff regularly about cyber-attack threats to drive cultural change
Regular communication with staff (emails, IT guest speakers) about behaviour and threats is a great way to reinforce your company’s Internet policy and embed a security culture within the workplace.