10) High priority.
64% of businesses are prioritizing IT security above everything else and 80% of small and medium businesses rank IT security as a top business priority.
9) Bad news.
A successful cyber-attack can damage your company reputation beyond repair including financial losses, intellectual property theft and erosion of customer confidence and trust.
8) Out of business.
By 2021, cybercrime is projected to cost $6 trillion worldwide, and 50% of businesses suffering a data breach may shut down permanently, according to New York publication Cybercrime Magazine.
7) First steps.
Understand the risks, prioritize them, document and communicate. Deploy malware/ransomware protection to secure your endpoints and servers. Safeguard mobile devices and control their use. Create an incident response plan; assign responsibilities to all stakeholders involved.
6) Determine how much risk your company is prepared to tolerate.
Raise awareness of these risks to employees. Make it a regular agenda item and communicate regularly to ensure ownership and buy-in from management.
5) Invest in user awareness training and education to remind users of cyber-risks.
IT teams can look at investing in phishing simulation tools to break bad habits involving malware-laced email, web, text and phone scams.
4) Draft an official security policy.
Your overarching policy should be reviewed and communicated regularly to enforce adherence. Your policy should cover permitted device types, information types, applications, encryption and incident reporting.
3) Secure IT infrastructure.
Create and maintain (with use of automated tools) an inventory of every network device, users and applications on your network. Limit privileged access to only a few users; create generic access for all others.
2) Establish timescales.
Maintain devices and applications by performing regular updates and patches. Scan your infrastructure for vulnerable software and devices; plug vulnerabilities quickly as possible. (There are automated tools available).
1) Meet compliance requirements.
Businesses need to be proactive and look ahead on the calendar to all incoming regulations. Better to build a foundation for future efforts than to reactively apply bandages.