CYBER DEFENCE PLAN
Building your Cyber Defence Plan is a Matter of Business Survival
Take a close look at these 2 pictures.
Which one most represents your current protection against cyber-attack?
The one without airbags where your business would be decimated (no Defence Plan), or one with airbags where the attack happened but the damage was lessened? The inconvenient truth is that there is no 100% guarantee of cover or protection either from a product or a policy that can stop the carnage.
When buying a car, we always look for safety aspects before we purchase. When driving a car, we always wear our seatbelts for protection. To ensure our safety on the road we keep our car serviced, tyres changed, and our engines tuned. We turn our lights on in the rain or fog and we insure our car. Yet apart from insuring our business for all types of possible calamities or drawing up legal contracts that is often where our protection of our business stops.
Some of you would be sitting in the false sense of security thinking that you either have a cyber insurance policy or some form of software protection and that is all you need.
WRONG!
Here are just some of the components of what a fully-fledged Cyber Security Defence Plan would encompass
- 2 Factor Authentication
- Email Filtering
- User Training
- Strong Passwords
- Mobile Devices
- Data Security
- Asset Management
- Strong Firewall
- Offsite Data
- Backups
- Phishing Protection
- Security Policies
- Security Checks
- Data Encryption
- TFN
- Anti-Virus
- Security Role
- Response Plan
- Remote Access
- Web Filtering
- VPN
- Logging
- Personally Identifiable Information
- Patching
A lot of topics, right?
And a lot more is required to planning other than buying some one size fits all as it’s just not going to close the door on every possible entry point. Further it’s impossible to have a one size fits all when you may operate your business differently from another business who works in your industry.
Frustrating we know; therefore, you need a Cyber Security Specialist to look at your business and help you decide what you need according to the way your business is structured and operates. After all, you have invested in your business heavily and you wouldn’t do things half arsed in your business so why are you doing this in your cyber security protection?
This is what we believe to be the closest thing to a comprehensive strategy for your business.
6 PILLARS TO BUILD YOUR CYBER SECURITY DEFENCE PLAN
STRATEGIC PLAN
Only an IT Security Specialist can help you build a tailor-made strategic plan designed to find the current weaknesses in your Cyber Security Strategy, that also encompasses any new direction or growth your business is taking.
- If you’re building a house you don’t start with the hammer and nails, your start with a blueprint.
- If you’re driving long distance you have a map.
- If you’re baking a cake, you have a recipe.
- If you’re doing anything significant, you start with a plan of what the outcome is going to be.
The plan includes any constraints and requirements along with the high-level tools and building blocks needed.
So why do most businesses think that they can just ‘wing it’ when it comes to their cyber security. They falsely believe that “She’ll be right mate, we installed something years ago and my IT guy hasn’t raised any concerns”, or “I’m running my free anti-virus software so I should be covered, right?”
Wrong!!
Unless you have a strategy or plan in place and actively review this plan at least annually, you are asking for trouble and will end up like so many businesses where they get ‘hit’ and only then run around like geese with their heads chopped off wondering what to do and THEN they will wonder what they should put in place so it doesn’t happen again.
Why wait?!?
The first step is to conduct an audit to fully understand where your Cyber Security preparedness currently stands. Then a discussion on where the business is and any changes or new technologies considering to be implemented in the short to medium term.
Following this, a plan can be drafted which encompasses the above information so that the business can understand the changes required to become more aware, prepared and complaint
REPUTATION IS PARAMOUNT
We ensure that your reputation is protected, because within seconds of a cyber-attack, your reputation can be ruined when clients who entrusted you to keep their data safe find out, as Data Breaching Laws are now mandatory.
A Good Reputation takes years and a lot of money, blood, sweat and tears to build, but can be destroyed in an instant. I’ve seen this happen. Not pretty.
The best way to protect your reputation in the Cyber world is to not get hit. Easier said than done unfortunately, however a lot of things can be put in place to dramatically minimise the likelihood of being hit and then if you are, you need to ensure that private and confidential information is not readily accessible.
- Through thorough planning, a good layered wall of defence can be created to keep the bad guys at bay, but some are just intent on getting through the defences and in these situations, you need to be ready. Unfortunately, you can’t unscramble the eggs once they’ve been scrambled.
- Through tools, data protection, education and businesses processes, you can dramatically minimise the likelihood of letting the Jeanie out of the bottle and if she does get out, ensure that she can’t get access to critical data, which would otherwise require you to report to the authorities and your database and thus burn your reputation
KNOWLEDGE IS POWER
Human error or lack of awareness, accounts for most cyber-attacks on SME businesses large or small. Cybercrime is big business, with constantly evolving ways to find new ways to get their hands on your data and Knowing what NOT to do is arguably more important than knowing what to do, in the Cyber Security world.
But how do we know? Education.Or the school of hard knocks?
I know which one yields the best results at the best price point. Education, by a long, long way. Without education you have no idea whether to click on that link, whether to pay that invoice, or transfer those funds, whether to provide those details over the phone or email to whomever is asking, whether it is ok to send that information by the intended means to the recipient, whether to reply to that email, etc.
- So many things NOT to do. This is just the tip of the iceberg.
- So, how do we obtain this education? Great question.
We run a series of events, workshops, webinars, in-house training sessions, summits, association presentations and newsletters to ensure there is enough opportunity and something that works for everyone, so there is no excuse to not be educated.
Call us. Let’s discuss where you are at and what form of education will work best for your education, noting that in many cases it may be more than one.
ARMOURY IS A NO BRAINER
The sad truth is that the anti-virus protection you probably have installed may be completely inadequate in your protection against cyber-attack. We’ve aligned ourselves with trusted partners with cutting-edge products designed to give you maximum protection.
- What do you see when you cut an onion in half (besides the tears in your eyes)? Layers and layers and more layers.
- Well, your security needs to be an onion. Well, an onion with a bullet proof vest – or three.
Do police go into a hostile situation without their armoury? No. Vest, shield, gun, spray, baton, badge. They are prepared with multiple layers of defences.
The Internet is unfortunately a hostile environment, so protection is mandatory. You simply cannot rely on just one product or piece of security and think that you’re covered. You’re simply not. Too many people think that just because they’re running their Trend Micro or Norton anti-virus software (which are not bad products), that it is enough. It isn’t.It is massively better than nothing, which unfortunately I still see people doing. Why????
A cyber security armoury needs to be well planned, well-constructed and utilise appropriate products that will do the job. This is not to say that you need to use the most expensive component of everything, as clearly this is not practicable for small and medium businesses. Rather, cutting edge products that are cost appropriate for the SMB market are what we use to architect your solutions.
We engage with trusted partners who have cutting edge products in their space that won’t break the bank, to make it a no-brainer.
RECOVERY COSTS MONEY
Plan on the fact you are going to get hit, as there is no current bullet proof solution that exists anywhere in the world that will give you 100% protection. We work with you to save money on the recovery downtime, by drastically reducing the recovery time.
The average cost of recovery to cyber-attack on an SMB business in Australia is approx. $140,000. Let that one sink in for a minute.
Now clearly for that to be an average there are some higher and some lower than this number, but either way, she’s a big number. Recovery is so much more than simply paying a hacker an average of $2,500 for his Ransomware decryption key (and having a 1 in 3 chance you’ll never receive it…..
- There’s engaging a Cyber Security specialist to find out how they got in and shut the doors.
- There’s the cost of recovering your environment.
- There’s the downtime cost of staff loss of productivity and their wages whilst they can’t work.
- There’s the cost of lost billables, particularly for Partners, whilst the system is out of action? $4k plus per day per partner is not difficult.
- There are staff that leave because of being compromised meaning you have re-hiring and re-training costs.
- There’s the customers that leave, particularly if it was their data which has been compromised.
How much does that hit the bottom line? So, you can see how the costs quickly add up over and above the simple Ransom cost, so the best course of action is prevention and having a rapid recovery solution in place. Therefore, we are so strong on creating a Cyber Security Strategy incorporating a recovery plan.
Assume you are going to get hit and plan accordingly.
TRAINING IS MANDATORY
TRAINING IS MANDATORY
There is no point only you being aware and having your staff uneducated, as you are leaving yourself open to attack, so its important to try and build a strong “Security Culture” within your organisation.
Without nurturing a security culture, companies are leaving themselves open to immense risk. Though employees might be well intentioned, security breaches caused by employees are unfortunately very common. With greater awareness of Cyber Security and training around what constitutes secure modes of transferring private information, your company can reduce the risk of these incidences occurring.
The three keys to building this culture are:
- Build a strong awarness of the reality of Cyber Security
- Equip your staff with the tools and know how
- Explain legitimate and relevant examples of how it can go wrong
Cynosura run events, webinars, training days and newsletters to ensure that everyone is educated and prepared.
So, are you ready to take the first step in building your Cyber Defence Plan?
If you’re feeling overwhelmed, we get it. It’s okay click here for a 15-minute consult call about your business needs and we will make the too hard easy