The large number of high-profile hacking incidents that have happened over the last couple of years suggests that security breaches are simply part of doing business in the modern day. While short-term implications such as data loss can vary from case to case, in the long term hacking incidents nearly always result in significant reputational damage.
Aside from the obvious financial and time costs associated with a security breach, the threat to an organisation’s credibility is particularly severe. And given the volume of customer data that many companies now hold, if a company gets a reputation for being unable to properly protect this information, it makes winning back a customer’s trust extremely difficult.
To build up their defences and protect themselves, businesses need to have a clear, well-defined IT security policy which takes into account trends such as “bring your own device” (BYOD) and cloud computing, as well as conventional factors such as passwords and employee training. If this policy is adequately formulated and implemented, businesses have a much higher chance of achieving enduring IT security success.
The importance of passwords
There have undoubtedly been many advances in computing security over the last few years, but the password is still the first line of defence against cyber-attack. However, research recently conducted by Siber Systems found that poor password practices employed by staff are leaving businesses vulnerable to attack.
The research showed that almost half (42 per cent) of respondents write their passwords down to keep track of them, and almost three quarters (73 per cent) allow their browser to remember their passwords for them at least some of the time.
To better prevent outsiders from undermining an organisation’s IT security standards, employers should require employees to use a unique password for each respective application or website, as well as change those passwords frequently. Weak passwords, such as those containing dictionary words and all lowercase letters, can be breached in a matter of minutes. The most effective way for businesses to address password security is to train their employees to create strong passwords, and encourage them to change them regularly.
To help employees keep track of many different passwords, employers can provide them with a password management solution. This way, staff are able to automatically create and change secure passwords with just one master password to remember.
Accounting for BYOD
The BYOD trend is one that appears to grow by the day, particularly in small and medium-sized businesses, where the flexibility it offers can be particularly beneficial. Many organisations are keen to make use of the potential gains in productivity that it promises, but should also be aware of its vulnerabilities.
Since it is the responsibility of employees to keep software up to date on their personal devices, as well as to put in place their own security practices, it is near impossible for organisations to maintain any meaningful oversight. If staff do make use of their own phones and tablets for work, businesses need to make sure that they are accessing company IT systems in a safe and secure manner.
Protecting the cloud
The advent of cloud computing is another consideration for businesses aiming for high levels of cyber security. The cloud brings with it enormous potential benefits, such as the ability to scale up quickly without the need to invest heavily in infrastructure, but there are also security factors to think about.
While the cloud itself isn’t inherently dangerous, the shift to the cloud can expose an organisation to risk. Added to this, as cloud services continue to become more and more popular, they are increasingly a target for hackers.
Businesses should make sure that their cloud provider is both secure and reliable, as well as ensuring that any applications are as protected as possible.