You can turn your employees - including directors - from your weakest link to your first line of cyber defence.
“It’s positive that cyber security is now front of mind for Boards and business leaders, but concerning that many are still not equipping themselves with the right knowledge to respond when the worst does happen. Cyber attacks are now an everyday reality and it’s the responsibility of business leaders to make sure they’re prepared.”
- Zubin Randeria, PricewaterhouseCoopers
Do your company directors lack cyber security training?
The government has warned that the UK’s top businesses are ill-prepared for the growing risk posed by cyber-attacks, with a new study finding that one in 10 FTSE 350 companies are operating without a response plan in place for a cyber incident.
Over half (54%) of company boards cited cyber attacks as a top risk to their business and a similar number (53%) are setting out their approach to cyber risks, up from 33% last year.
However, more than two thirds of boards (68%) had not received training to deal with a cyber incident. Fewer than a third of Boards of Directors (31%) receive comprehensive cyber risk information and only 2% said they have received comprehensive training.
These figures, from the Government's annual FTSE 350 Cyber Health Check, provide insight into how the UK’s biggest 350 companies deal with cyber security.
Digital Minister Matthew Hancock said recent high-profile cyber attacks such as WannaCry showed the “devastating effect” of breaches. “Recent cyber attacks have shown the devastating effects of not making sure that our approach to cyber security is right. The new reports that have just been issued show that we have a long way to go until all of our organisations are adopting Best Practice,” he said in the study.
Do your employees lack cyber security training?
Your employees can be your weakest link.
The Ponemon Institute's Data Breach Resolution survey showed 55% of businesses suffered a data breach or security incident in 2016 due to malicious or negligent employees. It's clear that employees should be properly trained in cyber security, including simple points such as not divulging passwords or login details.
Employee training can involve teaching staff how to use their business devices and systems for maximum security. Every device should be protected with up-to-date and reliable security software to block attacks - but you can also make VPNs (virtual private networks) mandatory for users on mobile devices. With VPN software you can ensure that your users always have a secure connection, whether they are at home or using a free Wi-Fi hotspot, anywhere in the world.
Each employee and third-party user should have access only to the minimum amount of business data that is required to do their job. So if they unintentionally cause a breach, you’ve automatically limited the damage. Regularly review levels of access.
Even once access levels have been considered, you should take measures to encrypt all your business data, whether it’s stored in a database, on a laptop, or on a mobile phone. That way, if data is stolen, it is unreadable to cyber criminals.
Two-factor authentication adds a secondary level of protection to logins and transactions. Users are required to enter a password and a one-time code, which can be generated by an app or physical device, or sent via SMS. If a user’s password is stolen, hackers still won’t be able to log in to user systems, providing optimal network security.
A robust backup system lets you restore data after an attack, or after data loss.
Employees - including directors, who are a top target for hackers - need to be trained on cyber security and defence, on data protection laws, and on the changes coming with GDPR and other regulations such as MiFID II.
This is often delegated to HR or IT. But it is not fair to expect managers with daily responsibilities to also become cyber security experts when that job is becoming harder.
That’s where we can help.
At Telefonix, we identify vulnerabilities in your business and recommend the right cyber security solutions. We provide the right level of cyber security training needed for everyone at your company.
So we help you turn your employees - including directors - from your weakest link to your first line of cyber defence.