According to a recent survey by Expert Security UK, a specialist in security systems, almost a third of the UK public is unaware of the security policies implemented by the company they work for.
This should come as no surprise after the recent news of the global Petya ransomware attacks from Ukraine and the NHS “WannaCry” cyber attacks. For companies, the consequences are obvious: It is imperative that they implement a robust safety culture and ensure that their employees adhere to it
Danny Scholfield, Managing Director of Expert Security UK, and a team of business experts have put together some pointers to find out how business owners can encourage employees to be on the safe side and put in place robust processes to protect the company.
1. Be transparent with the team
Build trust and secure buy-in from your team by sharing your goals and communicating clearly about the processes you are implementing to achieve them. This level of transparency is key to building trust, according to James Hall, Creative Director at HeX Productions. “To ensure that all employees adhere to security guidelines, they need to understand the importance of procedures and protecting customers. In all the websites we create, developers incorporate firewall and virus settings and ensure that user policies are strict to ensure strict security. We also test and monitor these firewalls to make sure access is restricted, ”he says.
“Implementation procedures are simple. Ask your website developer or hosting company what protection you have. Disaster recovery is essential just in case the worst happens. We make sure that all the websites we develop are secured in three locations around the world. It's also worth checking how many people have access to the development page. "
It's very easy for companies to improve security, Hall said, and the point is to ask if they're not sure. "Don't always go for the cheapest developer as they may not be as secure as those who charge a little more."
2. Use the right tools for the job
New techniques, harnessing the potential and power of increasingly advanced technologies, pose a major threat to business security, and the consequences can be devastating. Organizations should take steps to understand which tools are available and best suited to improve security and combat threats.
David Pinches, Marketing Director at Oak, recommends a single sign-on for users and systems managers with varying degrees of secure access. “A major technical and cultural problem is setting up a single sign-on environment in which access to all business applications is managed through the Microsoft Active Directory system. For example, our Oak intranet system, used in organizations of all sizes, is often deployed as part of the overall Active Directory infrastructure. Therefore, employees simply log into their network at the beginning of the day and don't have to log in to applications with similar capabilities, ”he explains. “This reduces the risk of multiple logins to many systems and different levels of secure user access. It provides quick profit to users and system managers. "
For Harshini Carey, Regional Director at Neupart, the key is to invest in a tool that lets you stay in control. She explains why it is important for entrepreneurs to have a clear overview of all necessary processes. “Information security management and data protection must be part of the foundation of an organization. But how do you integrate the right processes? The key is the overview. "
"You need to have a clear overview of all the processes required: who is involved in each process and what stage are they at?" One of the best ways to do this is to do a gap analysis. Find out where you stand on security standards like GDPR and what areas you need to improve to be fully compliant. Instead of viewing this as an annual task performed by an outside consultant, it is best if you invest in a tool that gives you continuous control and a better understanding of your company's compliance. "
3. Don't forget about physical security
With known cases of digital threats and your smartphone never far from your mind, it's all too easy for businesses to neglect physical security.
For Danny Scholfield, Managing Director of Expert Security UK, this should continue to be assessed and improved as part of the company's plans to implement an effective security culture. "As we move forward, it is imperative that we use all possible methods to our advantage. This means being open to new solutions (provided they are fully tested and working) and ensuring that there is a balance between physical and cybersecurity", he says.
“There are many new solutions for companies to prevent security breaches – from double-folding speed gates and crash-tested bollards. With advanced technology and increasingly sophisticated techniques, it is critical that companies stay one step ahead. "
The real cost of a cyber incident: business interruption