Your cybersecurity strategy

Key considerations to include

As an organization increases its reliance on IT through digital transformation, the threat of cyber attacks grows. In the Middle East, a 2017 study by Siemens and Ponemon Institute found that cyber breaches often go undetected, with many of them targeting operational technology (OT) assets that control industrial processes and infrastructure.

With hackers becoming more innovative and using tactics that are constantly evolving, having a robust cybersecurity strategy is crucial. Without one, a company’s finances, reputation, and even its people are under threat.

Start by examining where your organization is most vulnerable in terms of cybersecurity. Common attacks include direct theft of data through hacking, spam emails and “phishing” attempts – where cybercriminals try to steal sensitive information such as passwords and credit card details.

Implement the countermeasures

Once you’ve identified the assets you need to protect, consider the following three key areas:

People

• Provide employees with access control tokens such as ID cards (RFID) or even smartphones (NFC).
• Develop permissions and access privileges that define allowable actions of employees when printing or scanning information.
• If visitors need to access devices, ensure their access is managed based on the nature of their visit, or who they’re meeting.
• Develop a cyber-incident response plan, including key roles and responsibilities.

Documents and data

• Flag, block or restrict sensitive documents and information based on an employee’s role or access level.
• Use secure watermarks on proprietary information.
• Ensure company data and images are encrypted when stored.
• Securely dispose of any documents left in recycle bins.

Devices and network

• Create clear guidelines for the creation, storage, and expiration of passwords. A strong password uses a mixture of letters, numbers, and symbols.
• Limit access to your network from work devices that are used in public Wi-Fi areas such as cafes and airports.
• Hard drives and removable media such as USB sticks should be encrypted and routinely wiped. Additionally, any records that must be kept – for example, as an ‘evidence trail’ – should be stored in a location (on-site, off-site or online) that is secure and unable to be penetrated by outside parties.
• Set up devices to release/process jobs only when the employee is authenticated.
• Decide how often software patches and updates will be rolled out, and who will take responsibility for them.
• Create a data-backup strategy to protect against data loss.

Educate your people

People are both your strongest defense and weakest link when it comes to cybersecurity. A recent study by the International Association of Privacy Professionals (IAPP) found 92.5% of cyber incidents and 84.7% of data breaches are unintentional or inadvertent. Even the best firewalls and VPNs won’t matter if your employees don’t understand the importance of cybersecurity and take personal responsibility for it.

Cybersecurity training should focus on how employees can avoid common security breaches, such as sharing passwords or using unsecured USB devices. It should also show how to recognize the common scams and tricks cybercriminals use. And don’t forget about your contractors and service providers – with cross-company collaboration on the rise, it’s easy for non-employees to walk away with your data.

Cybersecurity threats are constantly evolving. Outdated technology cannot only hamper productivity, innovation and customer experience but also open up your organization to major cybersecurity risks.

Make sure your team is always monitoring news and trends on cyber threats and countermeasures. For a fresh perspective and to stay ahead of the curve, look at industries outside your own for forward thinking strategies.