Why you should invest in information security and governance

With todays ever increasing threat of cyber related attacks against businesses, Information Security is more important than ever to ensure that your business is protected against threats such as ransomware and data breaches.

There’s a frightening trend that has not appeared to slow down, from my experience, as much as it should have, this is the way businesses handle the security of their systems and its associated information.

All too often we see businesses relying on the hope that their backups will be there when they need them, but not performing regular restorations to make sure that the backups and the processes are there for that one time they need them.

Another area we see, is that companies are not performing updates to all systems and devices as often as they should.  When was the last time you updated your router’s firmware? Applying updates not only fixes bugs and security vulnerabilities but can also increase the performance of your systems in occasions.

There are way too many zero day vulnerabilities being released at the moment, for all platforms, so being slow on updates should not be one of the areas you are relaxed on.  You should ensure that updates are applied within 14 days of release, but at 30 days at a maximum.

Did you know that the average annual cost for a business that suffers a data loss after a data breach is £8,460. That 27% of businesses were attacked at least one a week and they didn’t know they were being targeted?

Businesses need to be investing more in additional education and awareness of cyber and risk-based threats. By making sure that your staff know what to look out for and ensuring that policies and procedures are in place will help to reduce these risks.

All too often staff are receiving phishing emails from malicious sources (or even internal testing) which are attempting to trick and get staff to click on and disclose information, such as login information in the hope that they can hold the business to ransom.

By performing and implementing some best practices that are defined by UK certification schemes such as Cyber Essentials and IASME Governance. You can check your business for weaknesses that may otherwise have been used for cyber related threats, as well as helping to demonstrate to your customers and suppliers that you take the security of their information seriously.

To help identify risks further, businesses are also looking at performing penetration testing, which is a form of ethical hacking, that simulates attacks on a companies’ network and systems. You can gain confidence that any security vulnerabilities found in your systems and software are identified as quickly as possible, allowing you to reduce the changes of a cyber related attack or data breach.

By applying some or all of these techniques mentioned in this article, you can be sure that your business will be in a much more secure place.