Everyone Works in IT
In the past, the biggest security threat to a company was “Did someone lock the gate at home time?” As business and technologies have changed, the traditional “home time” checks have changed too.
Modern business hours are 24×7, always open, meaning the gate never gets locked. This brings with it a new set of challenges such as a requirement for always-on protection for your business information system.
How to deal with this change
These challenges should not be the responsibility of a single individual or department. Modern IT should be a company-wide approach. In essence, everyone now works in IT, and therefore everyone from the CEO to the mail person has a responsibility for their individual online behaviour and, through it, the IT security of the organisation.
Data integrity and security are of paramount importance and should be embraced by every level of the organisation from the CEO all the way down. Employees should be trained on information security and IT security awareness, and this training must be an ongoing process.
The cost of a ransomware attack or any similar cyber-attack goes way beyond the initial immediate impact. For instance, the recent Petya ransomware outbreak is costing British multinational consumer goods company Reckitt Benckiser over £100 million in lost productivity and downtime alone; they have also issued a sales warning as a direct result.
This is why it is so important to know that modern threats such as ransomware (Petya, WannaCry, etc.) are easily prevented if the correct protective steps are in place ahead of time.
These steps include:
1. Network security (Anti-virus, Anti-Malware, Firewall, DNS periphery protection, patching) as discussed in an earlier blog from my colleague Niall Rogers.
2. Backups for all core systems (local and cloud), more here.
3. Test these systems, internally and externally, with at least bi-annual drills. Test the plan and make sure the plan works. You don’t want to find out when it’s too late.
4. Train your team on information security and IT security; help them help the company.
5. Promote awareness, don’t persecute. If a breach occurs, time is of the essence: encourage the user to put their hand up and shut their PC down.
6. Have a disaster response and damage limitation plan covering both technical and business cases. Keep your head when all others are losing theirs.