How can companies minimise security risks?

By: Leo Evans

Date: 26 June 2019

Business growth in the UK remains sluggish, which can be attributed in part to the continued uncertainty around Brexit. In addition, businesses are facing growing security-related issues, particularly cyber crime. Hackers are increasingly targeting companies that store large volumes of customer data, and the battle to shore up security measures is intensifying.

Data privacy laws

As technological advancements continue, countries across the globe have come up with stringent data privacy laws. All businesses need to adhere to these rules.

Data protection rules require you to protect the sensitive personal data relating to any identifiable person. This could include a person's name, date of birth, contact details, financial information, IP addresses, etc. You need to abide by the law when storing such personal data. Companies in the UK must abide by the EU General Data Protection Regulation (GDPR). If you trade internationally, you will be subject to the data privacy laws in those countries, for example the specific rules that apply in different states of the USA or the Privacy Act 1988 of Australia.

Data breaches

Businesses have witnessed increasing data breaches. Hackers are targeting companies with the sole aim of committing fraud. Hackers understand that many companies have gaping loopholes in their cyber security and look to exploit those gaps.

To protect your customers' data from cyber criminals, you need to ensure that your credit card technology meets EMV standards. You should carry out a periodic review to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS). You should also consider whether you need cyber insurance to protect you against the considerable costs associated with any data breach.

Data breaches - How serious is the problem?

The Cyber Security Breaches Survey 2019 showed that 32% of businesses had identified a security breach in the previous 12 months. The average annual cost to businesses that lost data or assets as a result of a breach was £4,180. Of those businesses that had identified a breach, 48% had identified at least one breach or attack per month, 27% found that dealing with the breach took up employee time and 19% found that the breach prevented staff from working.

How do I prevent security breaches?

You need to be process oriented. Most cyber attacks occur due to a breach of internal policies. You need to implement robust IT policies across the organisation. To start with, reboot your approach to cyber security.

Assess. First, you need to assess how robust your internal policies are. Are the current systems able to protect you against organised cyber crimes? Test your IT systems against simulated attacks. It will give you first-hand knowledge of how resilient your systems are against such attacks.

Invest. Technology moves fast. Unless you innovate you will get left behind. You need to stay ahead of the attackers. Invest in a robust cyber security platform before it's too late.

Build. Allocate responsibility for cyber security to specific people in your team. However, make security everybody's business. Some breaches are detected by employees. You need to build on your experience and learn from your past mistakes.

Formulate a security framework

Identify critical assets. If your business relies on its data, you need to identify which assets are vulnerable to cyber attacks. This could be your financial information, customer demographics, supplier details, employee records, etc. Next, you need to identify where that information is held.

Assess your cyber security measures. Assess the state of your existing security measures. Benchmark them against your peers. Create scenario-based models to check how your systems would cope in the event of a breach. Next, create a risk profile of the information you need to protect.

Implement security controls. Based on your risk profiles, you need to install controls to protect your information. When developing your controls, you need to ensure they do not slow down existing agile business processes. You also need to consider how existing controls may need to adapt to any changes you are implementing. For example, if you are planning to move your information to the cloud, other controls may need to kick in. You need to set up controls that reflect the limited resources you have at your disposal.

Periodically review processes. Undertake a regular risk assessment of your cyber controls, assess the threats and ensure the critical functions are still protected. The risk assessment process should be able to evaluate digital risks and expanding threats across the digital enterprise. Technology, and the tactics used by hackers, are constantly evolving so you need to ensure your controls are still up to the job.

Reporting of risk exposure. You need to collate the data and create a report based on your assessment of processes. It may pertain to:

  • the latest threat intelligence
  • known breaches

This report will form the basis of your feedback to improve the cyber controls at your disposal.

Focus on cutting edge technology

As technology continues to progress, how can your business keep up with, or ahead of, developments? Let's look at the technological advancements your business might want to consider.

Cloud software

Of late, many businesses have thrown caution to the wind and have opted for cloud software. Uploading your data to the cloud is a cheaper option for businesses.

Online sales

Many small firms are increasingly partnering with online intermediaries to improve their sales. They are also using data on historical customer behaviour to improve their chances of selling more products.

Using blockchain

Businesses are increasingly using blockchain technology for smart contracts. It reduces the processing time of repetitive contracts.

Internet of Things

Networked devices can facilitate preventive maintenance and minimise accidents. You can also analyse data to get insights into customer behaviour.

How can I minimise security risks?

You need to have robust internal IT processes that detail which employees have access to the different company data sets. Monitor all access information and block all ports in the network where malicious software could be inserted into the system. You also need to ensure that you have a stringent password policy and that critical information is encrypted.

You need to adopt appropriate security controls that reflect your perceived risk factors. If you have data that travels between you and your customers, you should consider an Extended Validation SSL Certificate (EV SSL) – the highest form of SSL Certificate. An EV SSL certificate will secure any data or information transmitted between your server and the user - establishing trust among your customers.

There are many different SSL providers including SSL2BUY - one of the industry leaders. Your website will have to pass a standardised identity verification process to prove exclusive rights to possess a domain name and confirm its existence with a third-party database.

A cyber attack may cause significant losses to your business. You should assess which risks you can avoid, control or transfer. If you want to transfer risks, you could get cyber insurance cover.

Copyright 2019. Featured post made possible by Leo Evans
