Organisations and individuals always feel invincible when it comes to cyber security. A sense of complacence tells us that it can happen to others, but not to us. That is never the case with people with mal intent. If you want to make your organisation secure, you have to start with a shift in mind-set. You need to internalise that everyone is a potential mark, a target. This includes you and everyone who works in the organisation with you. Once you’ve understood this simple idea, you will be able to look at this entire issue with more objectivity and urgency.
If you could be a target of a threat, how might you protect yourself? Secure your devices, to start off with. Invest in some good surveillance equipment and intrusion detection system that monitors the systems and devices in the company and the users of the devices too. Make sure that the security team handling the cloud data, the computers and servers are at the top of their game. State-of- the-art alarms are a must in an organisation too.
Every user of a device or a piece of equipment that can and is connected to the internet should be trained on safety precautions. They should not leave their devices unattended, they must be password protected and employees must also, as far as possible, not be tempted by the free public Wi-Fi that’s available in many places. Information should be stored in remote locations; cloud machines, servers, hard disks and external disks that are not on the premises.
Training is crucial for the overall well-being of the organisation. For example, staff members should follow a protocol when they receive suspicious emails. The issue with this is that they don’t look suspicious. Most of them look legitimate and do not raise any flags. Care needs to be exercised at such times.
The need for a fabulous anti-virus system cannot be stressed enough. Anti-virus, phishing, malware- it must include everything. This system should be updated and maintained scrupulously. Cyber security also includes the external devices used in the organisation. Pen drives, disks and CDs carry potential threats and should be handled carefully. Do not run them without doing a check and do not download from unknown sources.
Passwords should be decided upon with care. Strong passwords, a combination of seemingly random numbers, letters and characters, more than the expected eight, are all recommended. Change your password, at periodic intervals.
Cyber security also includes demonstrating restraint online, in social media pages and websites. Do not share too much information, be judicious of who you add in your page and connect to, and as far as possible, do not use work time to indulge in this pastime.
It’s important to keep an eye-out for any behaviour that’s out of the ordinary. A friend request that asks too many questions about you and the company, a connect that’s overeager, an email saying that someone has tried to enter your email id or a password change request email. Watch out for these, look for patterns and report threat detection to the in-house experts if needed.