Cyber Security – Will Our Risk Decrease If We Have Fewer Devices?

This is a good question but I don’t think it’s immediately a cyber security question. There is definitely a correlation between the number of devices you have to manage and potential risk. And it’s possible there’s a cost savings by having a laptop instead of multiple devices as there are fewer computers that need to be serviced. But I think your actual cyber security risk goes up when you give people mobile devices. Laptops can be used in many unsafe places and their versatility might actually increase security problems.

The real answer is the educational one. If people make the right choices, then cyber security risks can be minimized.

Here are some pointers to help you create an action plan to strengthen your company’s defenses against hackers:

1) Failure to cover cyber security basics – software and operating system updates

2) Not understanding what generates corporate cyber security risks

3) Lack of a cyber security policy

As part of their cyber security policies, companies should:

  • identify risks related to cyber security
  • establish cyber security governance
  • develop policies, procedures and oversight processes
  • protect company networks and information
  • identify and address risks associated with remote access to client information and funds transfer requests
  • define and handle risks associated with vendors and other third parties
  • be able to detect unauthorized activity.

4) Confusing compliance with cyber security

5) The human factor – the weakest link

6) Bring Your Own Device (BYOD) Policy and the Cloud

7) Funding, talent and resource constraints

Think of this security layer as the immune system of your company that needs funding and talent to ensure that you don’t experience severe losses as a consequence of cyber-attacks. A good approach would be to set reasonable expectations towards this objective and allocate the resources you can afford.

8) No information security training

Employee training and awareness are essential when covering your bases in terms of information security.

Another quick look at the most common file types that hackers use to penetrate your system and trigger attacks that can lead to data leakage tells you what actionable advice you could include in your employees’ cyber security training.

9) Lack of a recovery plan

Being prepared for a security attack means having a thorough plan of what can be done to prevent the cyber-attack, but also to minimize the damage if it takes place.

10) Constantly evolving risks

Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes, making it difficult to detect with anti-malware programs. That is why you should take into account that your company might need an extra layer of protection, on top of the antivirus solution.

The first line of defense must be ensured by a product that can act proactively to identify malware, block access to hacker-controlled servers and stop data leakage, but also keep your system protected by patching vulnerabilities (usually in applications that are not up to date, such as Flash or Java).