In today’s time, How to mitigate Cybersecurity Risk has became an interesting “topic” where many corporate organisation has become a primary target of cyber-attacks.
Risk Management has become the key pillar of focus in many organisation, not denying that there are also investing lot of efforts in mitigating the organisation risk on PEOPLE, PROCESS and TECHNOLOGY.
Frankly, with anti-virus and firewall alone we’re not playing a proactive role in curbing the risk, because the primary target are the people employed in the organisation.
1. Invest on Assets
This by means having the right tools to support the initiatives to mitigate and be a safe working environment within the organization. For those who don’t have the budget or your organization is too small for this investment, you may consider the FREE software. It is highly recommended to take up offers by reputable brands such as Kaspersky Anti-Virus or AVG. Better still should your organization able to purchase their license or use paid version.
2. Invest on People
The key to mitigate cybersecurity risk is to overcome the CURIOSITY of human. There is a funny statement which most of the IT experts will quote: “When I Say Don’t Click, Only Then the User Will Click to Find out Why I Say That!! … What else I can say?”
Statistic proves that 12%-14% of the cybersecurity risk is actually originated employee’s negligence and lack of Cyber-Security awareness. Some large organizations spend millions just to create awareness to the employees globally so that they can prevent risk to the organization.
Here are some areas, that organization may invest cybersecurity awareness:
- Kaspersky Cyber-Security Awareness
- Menlo- Isolation Platform to be in preventive mindset and in Isolation mode.
- and Internal Awareness on the followings :
- Security Essentials – embarked on training on the basics of the cybersecurity. Educating employees on common threats and mistakes in the daily life.
- Security Essentials – Recognize and avoid threats that might met by your team at work and at home.
- URL Training – trains employees to learn on how to look at a URL, understand the origin of the link, and find fraudulent or malicious URLs.
- Email Security – your employee should learn to spot phishing traps in emails and recognize fake links, attachments and information.
- Anti-Phishing Phil – teach employee on how to check a URL, understand the origin of the link, and find fraudulent or malicious URLs.
- Anti-Phishing Phyllis – educate employees to spot phishing traps in emails and recognize fake links, attachments and information.
- Password Security – create a list of tips and tricks to create stronger passwords, to use a password family to aid in password recall and to safely store passwords.
- Safe Social Networks – Social network is good but always educate your employees about types of “impostors” that can be found online, implications of very public social networks, and how to spot scam messages on social networks that classified as “very dangerous”
- Protecting Against Ransomware – always educate your employees on how to recognize and prevent ransomware attacks.
- Mobile Device Security – Teach your employees how to secure their smartphone from theft, create PINs, keep communications private, and avoid dangerous apps.
- Mobile App Security – Learn how to research app components and the implications of dangerous permissions, which can help them judge the reliability and safety of mobile applications before downloading.
- USB Device Safety – this as an often-overlooked threat. Employee should be aware of the risks associated with flash drives and other IOT items powered via USB ports.
- Physical Security – Awareness on this area is equally important to prevent and correct physical security breaches, and get the best practices that will help keep employees, office and assets secure.
- Security Beyond the Office – keep educating your employee about using free Wi-Fi safely, risks of using public computers, and safeguards for company equipment and information at home and on the road.
- Safer Web Browsing – do frequent website content simulation with your team on how to avoid malicious virus pop-ups, the importance of logging out of web sites, form auto-complete risks, and how to spot other common website scams.
- Social Engineering – Get your employees learn to recognize common social engineering tactics and practical tactics to avoid attacks and get insight into how social engineers think.
- Personally Identifiable Information (PII) – Educating your employees about the different types of PII, guidelines for identifying, collecting, and handling PII, actions to take in the event of a PII breach and tips and techniques for improving overall PII security.
- Payment Card Information Data Security Standard (PCI DSS) – do take the initiatives to understand PCI-DSS requirements, identify PCI-DSS compliance, manage records and accounts as well as to recognize and act upon security breaches. – CREDIT CARD information need to be secured!!
- Data Protection and Destruction – educate everyone in your organization about the different types of portable electronic devices and removable storage media, the pros and cons associated, best practices for securing these devices and securely disposing of data.
- Travel Security – create awareness on how to keep data and devices safe when working in airports, in hotels, at conferences, and in other public spaces.
3. Direction from the Business
When comes to cybersecurity risk mitigation, business stake holders need to take the responsibility that Cyber Risk is something not to be tested till it attacks or HIT your infrastructures.
Thus, it’s always better to be in PREVENTIVE mode to make sure your business infrastructure and facilities always secured. As stake holder, the investment in mitigating cybersecurity risks no longer an option but a necessity for every business.