Save money by investing in cyber security systems

Data breaches affect businesses of all sizes, and across various industries. The bottom line is that cybercriminals are not picky, and where vulnerability exists, hackers will eventually find it.

To most businesses, data storage and handling is going paperless, and most physical supervision roles have shifted to online where productivity is monitored through online data tracking.

This means that most of a company’s data, including employee, client and other stake-holders data can be accessible online.

Unlike five years ago, there is an increased need for companies to protect their businesses against cyber-crime and data theft.

Banks, telecommunication companies and other financial institutions are increasingly moving towards cloud storage.

This has made data security to become increasingly complicated, with companies now spending a significant part of their IT budgets on security.

Data security breaches have become the new common wave of crime being experienced by companies in Kenya today. It is estimated that Kenya loses Sh2 billion annually to cyber-crime — with a growing young population of IT savvy criminals who infiltrate the networks that host businesses and client data.

When a business organization becomes a victim of cybercrime: client documents, contact lists, employee information, company banking information, servers, and computer access information — all these are no longer confidential.

With this, cyber criminals are able to access payment card numbers and data, authentication credentials, medical records, classified information, bank account number and transaction data, and personal information.

This is a serious breach that can easily make a business organisation lose confidence before its clients, suppliers, shareholders, potential investors, and the market.

Companies that understand how bad this can impact their businesses are increasingly investing in cyber security prevention. ; including staff training, establishing firewalls and securing virtual private networks.

These measures in isolation are not sufficient to protect against the growing scale of cyber-crime. Thus, companies remain vulnerable as both technology and cyber criminals become more sophisticated. So what exactly should companies be doing to manage their cyber risks?

ASSET INVENTORY

Companies can counter this, by conducting a cyber-security audit across their several internal departments, especially IT. A cyber security audit helps companies to first identify the assets that need to be protected. Conducting an inventory, classification and risk assessment helps businesses to know these assets, their locations and value.

This informs any decision on the amount of time, effort or money to be spend on securing these assets.

An inventory informs businesses on existing loopholes from where a cyber criminal might access crucial information. This helps to break down the security into manageable areas and ensure that all are adequately protected. This should be supported by a business continuity plan that states how a company can be able to keep parts of their business running and limit the damage in case of an attack.

This helps to ensure that a security breach in one part of the business will not affect another and that data is backed up in another location so that it can be accessible again.

SECURITY CONTROL SOLUTIONS

Businesses are going ahead to formulate an IT security policy with guidelines around security updates, passwords, home working, social media and use of personal devices at work.

This should cover use of the internet, email and telephones, but more importantly, the consequences for their misuse. This is reinforced by installing high security firewalls that protect both internal and external company networks from attacks.

Anti-virus software that addresses a company’s specific needs should be implemented on all systems and backed-up with encrypted data, and robust passwords.

Methods used by anti-threat software developers mirror those adopted by hackers. This can be difficult, but by running modern operating systems that are regularly updated company can take advantage of the protection of updated security features.

Regular risk assessment will also help to respond to changing security requirements and improve internal controls.  Most importantly, companies need to hire consultant cyber security specialists who can advise not only on how to deal with a security breach and how to get back to business, but most importantly how to help prevent this in the first place.

Investing in cyber security is a great investment and helps companies to improve on their business continuity plans.