Cyber Security & Cyber Resilience


Cyber security.

Cyber security is the protection of computer systems and networks: stopping people getting to your information, preventing the theft of or damage to their hardware, software, or electronic data, and preventing disruption of the services they provide.

This has become of the utmost importance due to the expanded reliance on computer systems, the Internet, and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of smart devices, including smartphones, televisions, and the various devices that constitute the Internet of things (IoT). Cybersecurity is also one of the significant challenges in the world today, due to the complexity of information systems, both in terms of political usage and technology. Its primary goal is to ensure the system’s dependability, integrity, and data privacy.

Cyber resilience.

In a business scenario, this refers to a business’s or organisation’s ability to continuously deliver the intended outcome despite cyber-attacks. Resilience to cyber-attacks is essential to IT systems, critical infrastructure, business processes, organisations, societies, and nation-states.

Cyber security is designed to protect systems, networks and data from cyber-crimes. Cyber resilience, by contrast, is designed to prevent systems and networks from being derailed if security is compromised. In a cyber-resilient organisation, cyber security is effective without compromising the usability of systems, and there is a robust business continuity plan to resume operations if a cyber-attack is successful.

Help to business.

Cyber resilience helps businesses to recognise that hackers have the advantage of innovative tools, the element of surprise and their choice of target, and can be successful in their attempt. This concept helps a business to prepare for, prevent, respond to and successfully recover from attacks, returning to the intended secure state. This is a cultural shift, as the organisation sees security as a full-time job and embeds security best practices in day-to-day operations. In comparison to cyber security, cyber resilience requires the business to think differently and be more agile in handling attacks.

The objective of cyber resilience.

The objective of cyber resilience is to maintain the entity’s ability to deliver the intended outcome continuously. This means doing so even when regular delivery mechanisms have failed, such as during a crisis or after a security breach. The concept also includes the ability to restore or recover regular delivery mechanisms after such events, as well as the ability to continuously change or modify these delivery mechanisms, if needed, in the face of new risks. Backups and disaster recovery operations are part of the process of restoring delivery mechanisms.

How EBM can help.

Cyber security needn’t be a daunting challenge for small business owners. Following some quick and easy steps outlined in the guide below could save time, money and even your business’s reputation. This guide can’t guarantee protection from all types of cyber-attack, but the steps outlined below can significantly reduce the chances of your business becoming a victim of cyber-crime.

Back your data up.

Back your data up, keeping your backup away from your computer, preferably off premises. Consider cloud backup, and make this a part of your daily business routine.

Protect your business from malware.

Install and switch on your antivirus and firewall software, prevent people from downloading any dodgy apps or software, and control the use of external memory drives (such as USB, memory cards and external hard drives). Above all, keep your IT equipment up to date.

This also applies to smartphones and tablets.

Switch on your password, fingerprint or face protection. Keep your device and apps up to date, don’t use unknown Wi-Fi hotspots, and make sure stolen and lost devices can be tracked, wiped or locked.

Using passwords in order to protect your data.

Your laptops, computers, tablets and smartphones will contain a lot of your own business data, the personal information of your customers, and details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.

Predictable passwords.

Make sure you don’t use predictable passwords, make sure password protection is switched on, change all default passwords, and use two-step verification for important accounts such as banks and credit cards. Also help staff cope with possible password overload.

Avoiding phishing attacks.

A typical phishing attack is when a scammer sends a fake email to thousands of people asking for sensitive information such as bank details, or containing a link to a bad website. They will attempt to trick you into sending money to them, or steal your details to sell on. They may even try to access your business’s or organisation’s information for political or ideological motives.

Here are some examples of what to do to reduce these attempts.

Configure staff accounts with the least privilege and access they need to do their jobs, so that if they fall victim to a phishing attack the potential damage is reduced. Keep administrator rights to a minimum number of people. You also need to think about the way you operate: for example, if a staff member gets an unusual request from someone (it may even look like it comes from someone they know, or a supplier), make sure they know where to go for help.


ALWAYS REPORT ANY SUSPICIOUS EMAILS