Page 66 - Cyber Warnings, August 2017
CYBERSECURITY CULTURE IN YOUR BUSINESS: 10 STEPS TO CREATE IT

By Vera Salauyova, PR manager at Falcongaze company

The number of cyber attacks is growing rapidly, and headlines these days are all about more and more sophisticated data security threats. Cybersecurity incidents always result in huge financial and job losses, reputational damage, and civil litigation. Take a look at the statistics of Kaspersky Labs: 90% of companies have already experienced a data breach, with an average cost per incident of $3.6 million. The Ponemon Institute adds that 27.7% of businesses surveyed will likely suffer one more breach in the next two years.

Despite these frightening numbers, companies still neglect basic cybersecurity rules and leave their systems and confidential information extremely vulnerable. Indeed, in the present situation it is impossible to stop hackers, but there is a mixed approach to data security which combines data management, principles of information security and information governance. This approach will help to create a cybersecurity culture in your business, and it consists of ten key steps to take:

1. Never cheap out on technologies and training

First, train your employees constantly, deploy DLP software and establish business processes and subprocesses properly. This will help you to avoid huge financial losses connected with incident response and remediation. It will also reduce the fine imposed on your company and the costs of lawsuits, and soften reputational damage. Never conceal the fact of a breach, and immediately report it to the authorities. Act decisively and coherently, because inaction only increases damage after data loss.

2. Examine and use Information Governance best practices

Compliance, Governance and Oversight Counsel together with Information Governance Reference Model Guide have recently developed Information Governance best practices.
To completely protect your data, study these practices; identify your data, its value, its location and the users with access to it. Then protect only the really valuable information in your organization and delete data that you don't need.

3. Don't live by compliance alone

Meeting compliance requirements is essential in cybersecurity, but a compliance-only mentality is totally ineffective in the modern, constantly changing cyber threat environment. It won't reduce the risk of a cyberattack or help to improve incident response.

4. Call on all possible resources

Top management and chief information security officers are not the only ones responsible for quick incident response. Engage all the members of your staff: human resources, communications, information technology and security teams. Working together is therefore a core factor of success.

5. Be aware of third-party threats

Any business consists of a chain of technologically independent computer users, so any computer in this chain can be used to exploit others to which it connects. Any contract you sign with third parties must include rights, obligations and possible penalties related to using, spreading and securing sensitive information. Collaboration in attack response must also be governed by legal principles.

66 Cyber Warnings E-Magazine – August 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.