64% of businesses are prioritizing IT security above everything else and 80% of small and medium businesses rank IT security as a top business priority.
A successful cyber-attack can damage your company reputation beyond repair including financial losses, intellectual property theft and erosion of customer confidence and trust.
By 2021, cybercrime is projected to cost $6 trillion worldwide, and 50% of businesses suffering a data breach may shut down permanently, according to New York publication Cybercrime Magazine.
Understand the risks, prioritize them, document and communicate. Deploy malware/ransomware protection to secure your endpoints and servers. Safeguard mobile devices and control their use. Create an incident response plan; assign responsibilities to all stakeholders involved.
Raise awareness of these risks to employees. Make it a regular agenda item and communicate regularly to ensure ownership and buy-in from management.
IT teams can look at investing in phishing simulation tools to break bad habits involving malware-laced email, web, text and phone scams.
Your overarching policy should be reviewed and communicated regularly to enforce adherence. Your policy should cover permitted device types, information types, applications, encryption and incident reporting.
Create and maintain (with use of automated tools) an inventory of every network device, users and applications on your network. Limit privileged access to only a few users; create generic access for all others.
Maintain devices and applications by performing regular updates and patches. Scan your infrastructure for vulnerable software and devices; plug vulnerabilities quickly as possible. (There are automated tools available).
Businesses need to be proactive and look ahead on the calendar to all incoming regulations. Better to build a foundation for future efforts than to reactively apply bandages.