The entire network of users should be aware how to protect the business from being cybercriminals’ low-hanging fruit. Source: Shutterstock

The entire network of users should be aware how to protect the business from being cybercriminals’ low-hanging fruit. Source: Shutterstock

Here’s how organizations can get started with cybersecurity

EACH YEAR, the importance of cybersecurity is reiterated in one report or another and business leaders engage in multiple discussions to further strengthen strategies and amplify the efforts of IT teams in the organization.

In many ways, cybersecurity is a critical part of the boardroom’s digital transformation agenda and covers all aspects of business, from operations to finance, as everything is driven by data, connected by systems, and vulnerable to internal and external threats.

Sometimes, business leaders overwhelmed by cybersecurity are slow to make progress on their digital journey and risk falling behind competitors.

According to Zurich VP of Cyber Risk Engineering Gerry Kane, that’s not a good idea. In a recent blogpost, he pointed out that just a few basic security practices can help organizations get off to a good start and turbocharge their digital ambitions.

In fact, in most cases, the emphasis is always on laying a strong foundation for a good cybersecurity program.

After the SingHealth breach, for example, the review only provided recommendations rather than offer strong cybersecurity practices to the health institution despite it being one of the nation’s most severe cybersecurity breaches leaving personal details of the Singapore Prime Minister as well as 1.5 million other people exposed.

The breach began when a single SingHealth front-end workstation was infected with malware, which goes to show that each endpoint of a business must be safeguarded by at least the most basic cybersecurity.

For organizations looking for advice on taking the first steps to cybersecurity, here are some steps Kane shared in a recent blogpost:

#1 | Have a full inventory of IT assets

To protect company assets, a business needs to know exactly what those assets are and what they are connected to.

By having a full inventory of IT assets as well as its purpose and connectedness, the mapping of cybersecurity measures will be more complete and accurate.

It is vital to begin any cybersecurity program with all endpoints identified as the whole system is only as strong as its weakest link.

#2 | Couple the inventory with a vulnerability management system

Upon having an inventory, each endpoint should be assessed for vulnerability status periodically, so that patches can be as up-to-date as possible.

When a vulnerability is unpatched, it exposes the whole company to exploitation. This really emphasizes the concept that a whole system is only as strong as its weakest link.

So, vulnerability scans are recommended to be hosted as frequently as possible.

#3 | Make cybersecurity a team sport

Cybersecurity risks pervade every arm of the business as technology is finding fit in possibly every business function there is.

Not only should scrutiny on vendors be of top priority but also constant awareness and training programs for all users from the logistics room to the receptionist counter.

This should cover the entire network; employees, contractors, vendors, and customers, to protect the business from being cybercriminals’ low-hanging fruit.

#4 | Never stop monitoring

Change is the only constant and businesses will need to be prepared for advancement in the quality of cyber attacks too.

The only way to ensure top-notch cybersecurity is to always be vigilant and never stop monitoring the system.

Given any anomalies in log data reports, businesses should single the cases out to probe and investigate in case of it becoming a threat.

#5 | Plan for incident response

There will be no better way to prepare for a cybersecurity breach than to assume that everything will go south.

It is critical for businesses to plan for an incident response so that the responsible parties can handle damage control in the event that a cyber attack happens.

Instead of pointing fingers in the boardroom, it will be useful for everyone involved to have a ‘manual’ that will help the business navigate out of the breach.

Cybersecurity is not optional in this digital era. Any business that plans to scale the digital maturity curve will have to consider this as part of the journey.

In the end, it is indeed better to be safe than sorry.