In our summer IT Security Update, Jamie is calling on all business owners and senior management to understand the risks that cyberthreats expose their organisations to, and how much damage could be done in the event of a serious incident.
He emphasises that understanding and managing your cyber risk is crucial to protecting your business and reputation.
This month I’m calling on business owners, board members and senior management of all types of organisations across the land.
The risks associated with cyberthreats have grown at an alarming rate over the years. The threat landscape is also constantly evolving. However, many business owners don’t understand the dangers that their businesses are exposed to from one year to the next, nor do they realise how much damage could be done to their organisation in the event of a serious incident. In some instances, it could destroy their company entirely!
Cyber risk refers to the potential harm posed to individuals, organisations or even nations due to unauthorised access, disruption, or destruction of data. Understanding and managing cyber risk is therefore crucial in protecting sensitive information, maintaining operational continuity, and safeguarding against financial and reputational damage.
I’ll provide one fun example question from a cybersecurity assessment.
How many of your staff have access to your company email or can access sensitive company files on their personal devices?
If you are unaware of the answer to that question, lack visibility regarding who has access, or have no explicit policies or technical controls in place to regulate access, it should raise serious concerns. The data in question is likely to be sensitive company information and you may have minimal or no control over its security!
There are several cybersecurity considerations for any personal devices accessing company data. Consider the following points:
1. How many of those devices are outdated and therefore full of security holes?
Unsupported devices shouldn’t be accessing company data, ever. The cyber risks are too great and the danger of compromise and exposure is much higher.
2. How many of those devices have malware on them that can steal data?
Employees could use personal devices that allow them to install applications from outside the official stores. This exposes the devices to more viruses and malware, which could put your company data at risk.
3. How many of those devices use strong passwords or PIN codes to protect data if a device is lost or stolen?
If your business has no policies or technical controls in place, some users may choose not to have a PIN code at all. This is incredibly risky if their laptop or phone is lost or stolen, as a thief would have full access to everything on it.
4. How quickly do leavers in your organisation have their accounts locked out, and what happens to the data on their personal devices after their accounts are blocked?
If devices are unmanaged, removing data from personal laptops or phones is tricky. Even if the employee's account is blocked or removed from your systems, the data will likely remain locally on their devices.
5. Is there a process in place for staff to report their lost or stolen devices that contain company data?
If any device, personal or company owned, containing company data goes missing, it should be reported as soon as possible to the relevant people so that the risk can be assessed, and any necessary actions can be taken. In some cases, this may need reporting to the ICO.
Those are just some of the IT security points that should be considered.
If you didn’t know the answer to how many people have access to your company data on their personal devices and fancy potentially scaring yourself, then do the following: write down how many employees you think have company emails on their personal devices. Then send an email round your organisation just asking people if they do or don’t. The likelihood is the number will be greater than you think and should set alarm bells ringing. I’d be interested in the results!
More and more boardrooms have cybersecurity as a crucial part of their plans. As a result, they discuss the risk that cyberthreats present to the delivery of their business strategy. They also ensure that the business has adequate cyber resilience in place to prevent, detect and respond to cyberattacks. However, there are still many businesses that don’t have this on the agenda. If this is your business, it really is time to start talking about cybersecurity.
The following resource is packed with information and advice to help you get started and put cybersecurity on your agenda: Cyber Security Toolkit for Boards (ncsc.gov.uk).
We are, of course, here to help and support you with any of your IT security needs, so please don’t hesitate to get in touch at Security@ntsols.com if you need any advice or further information.