fbpx

Cyber security risks – how to mitigate and minimise them

Last week I was made aware of two major cyber security breaches, one of which directly impacted our business, by two of the top banks in South Africa.  If the top banks in this country are battling to mitigate security breaches with the extensive resources they have available to them, how can companies struggling to recover from the ravages of COVID protect themselves in a way that is economically viable?

There are some basic protocols each company can employ, which can be cost effective if the right solutions are used, that will help you minimise your cyber security risks to an acceptable level.  Here are some suggestions.

cyber security

1. BE PROACTIVE

Due to the increasing number of malicious hackers that are now using sophisticated tools to breach cyber security, it is critical that companies not only have strict cyber security protocol in place, but  that this protocol is regularly reviewed and updated to keep up with the fast-paced world of IT.

Reviewing your cyber security protocol should be done every 3 months at least.  This will include ensuring that your:

  • Software is still secure and has not been identified as breached or reported unacceptably vulnerable to breach
  • Data recovery policy is updated
  • Access control is updated to allow access only to authorised stakeholders
  • Security testing is updated to cover as many vulnerabilities as possible – including the new ones that seem to be coming out daily
  • Incident response plan is updated to include the correct stakeholders

Fortunately, with software solutions like Rapid Audit, supplied by OVS Solutions (Pty) Ltd, you can schedule these regular meetings and ensure the issues listed are reviewed and addressed.  Any actions that arise from the meeting can be scheduled on the Rapid Actions system on Rapid Audit to the relevant stakeholders, and your dashboard will tell you if the action is completed satisfactorily. This highly effective tool will help you ensure you never drop the ball.

2. ENSURE YOUR BACKUPS CAN ACTUALLY BE RETRIEVED

Every company knows that backups must be done in multiple formats, both cloud based and physically, and physical backups must not be kept on site.  Most companies do this, however some companies fail to ensure their backups are functioning as required and that, when backup data must be retrieved, it can be quickly and successfully retrieved.  Testing that this process is robust and working well is essential to the successful data protection of any company.

Software solutions like Rapid Service Alert, supplied by OVS Solutions (Pty) Ltd, will send your supplier reminders that they must perform their relevant checks and updates and will notify you if the work has not been completed.  Your supplier can also upload the results of their testing, so you can review them and sign off that you are satisfied.

3. EDUCATE AND TRAIN YOUR EMPLOYEES

In my opinion the biggest potential risk of breach lies with your employees.  One of the most common ways for malicious hackers to breach your database is via phishing emails.  All it takes is for one of your employees to open an attachment or click on a link sent by malicious hackers and your entire database is breached.  These emails are hard to detect because they are disguised as coming from an internal source, a stakeholder in the company or a well-known external source.  Without proper training your employees are easily manipulated into getting caught by these very sophisticated criminals.

Ensuring your employees are continually trained and aware of the risks is critical.

Fortunately, with software solutions like Rapid Induct, supplied by OVS Solutions (Pty) Ltd , you can constantly update your training manuals and keep track of the new version, issue the training to every employee electronically, ask questions to ensure your employees understand the content and keep track of who is not keeping up to date or not understanding so you can assist.

4. CONTROL YOUR PASSWORDS PROPERTY

Did you know that over 80% of company data breaches are due to weak passwords that are easily hacked?  One of the best things you can do to protect your company from data breaches is to have a robust password control policy in place that is actively enforced.

Over 80% of company data breaches are due to weak passwords

Here are some essentials when setting password protocol for your teams:

  • Store passwords in an encrypted format
  • They should never contain correctly spelt words
  • A minimum of 8 characters per password is essential
  • Ensure they contain upper case, lower case and numerical characters
  • They must be unique and never used before
  • Personal information should not be used in passwords

Software solutions like those supplied by OVS Solutions (Pty) Ltd come with single sign on solutions, that ensure employees must sign on using their unique email address and password!

5. MINIMISE YOUR POINTS OF ATTACK

There are 3 ways in which you can be compromised by hackers and is important to ensure all these areas are identified and secured.  These include:

  • Physical attack – your physical hardware, servers and routers.
    • This requires your hardware, servers and routers are securely locked up and not easy for anyone to access.
  • Digital attack – your data that is accessible through the internet, website, apps and software.
    • To successfully mitigate this risk, you must do regular software updates, patch updates, ensure your malware is functional and updated regularly and that access to IoT data is controlled.
    • Having a policy that details how you shut down all systems as soon as anything suspicious is detected until the issues have been resolved is essential. Doing so can also help you track and trace your hacker.
  • Social attack –the ability to access the information needed to hack your data by manipulating your employees into divulging protected information.
    • The only way to protect your company here is to ensure employees are kept aware of the risks and trained on how to mitigate them.

94% OF COMPANIES THAT HAVE SUFFERED CYBER SECURITY BREACHES WERE DUE TO INSIDER BREACHES

Ensuring all these points of attack are properly addressed in your regular cyber security protocol breaches one of the most crucial actions required to keep your company safe from malicious hackers.

Conclusion

With the multiple challenges any business faces today, cost effective tools that allow proactive work methods are essential. Using software as a service tool can make what was an enormous administrative burden far easier, allowing your staff to concentrate their skill and energy in other areas of your business.

Companies like OVS Solutions (Pty) Ltd, the Africa Licensee of the award-winning Rapid Global Software, have been delivering Health & Safety software solutions for over 20 years. Their only business is the continued development and improvement of their software, to make sure that the solutions keep pace with the ever-changing landscape. All their solutions come with mobile apps.

OVS Solutions also has a great support team who are available to assist with live or online demonstrations, user guides, and relevant information you may require. They can help you with the expected ROI calculations and can share their tips on how to best maximize user adoption and can help you deliver on your plan!