Businesses cannot ignore the risks of Cyber Crime
Earlier this year the government published new guidelines to help businesses to protect themselves from the risk of cybercrime, which can cost them millions.
It argued that cyber threats should be prioritised as a key business risk like financial and legal challenges and should be put on an equal footing with other threats like financial and legal pitfalls.
Businesses should ensure that they have detailed plans in place to respond to and recover from any potential cyber incidents.
They should also regularly test their plans’ resilience, include forma\l mechanisms for reporting incidents and should also ensure employees have adequate skills and awareness of cyber issues so they can work alongside new technologies in confidence.
Figures show almost one in three (32%) firms have suffered a cyber breach or attack in the past year,
Lindy Cameron, National Cyber Security Centre CEO, said: “Cyber security is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organisation and how to mitigate potential threats.”
Basic protections every business should have include:
- boundary firewalls and internet gateways — establish network perimeter defences, particularly web proxy, web filtering, co ntent checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
- malware protection — establish and maintain malware defences to detect and respond to known attack code
- patch management — patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
- allow listing and execution control — prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
- secure configuration — restrict the functionality of every device, operating system and application to the minimum needed for business to function
- password policy — ensure that an appropriate password policy is in place and followed
- user access control — include limiting normal users’ execution permissions and enforcing the principle of least privilege