Is your company’s cyber security profile up to par?
The immediate reaction might be “of course!” But for many companies, the answer isn’t so simple.
Cyber attacks are more common than many believe. It’s estimated that 64% of companies worldwide have experienced a cyber attack, with an average of 30,000 websites hacked daily.
For businesses managing sensitive data and heavily-controlled workflows across global supply chains, these types of disruptions can eat away at customer trust and profitability. For government entities, healthcare, or essential utility companies, the problem becomes an issue of public safety. Keeping systems active and functional goes beyond business luxury when lives are at stake.
Worse yet, hiring in cyber security hasn’t kept pace with demand. It’s estimated that the number of unfilled cyber security jobs increased by 350% from 2013 to 2021, with over 700,000 vacancies in the U.S. alone.
This puts businesses in a tough spot. With cyber attacks on the rise but little talent available to fill the gaps, companies need to get creative in how they improve cyber security across the organization.
Tip #1: Raise Company-Wide Awareness
A strong cyber security profile doesn’t get built overnight. It’s a process that requires buy-in from IT decision-makers and C-suite executives across the company hierarchy, and if key leadership isn’t engaged, you won’t get far. Those interested in stronger cyber security should aim to engage these decision makers early in the process and help push the value of security to others in the organization.
An easy way to do this is to explore connected technology solutions that can improve the business’s security along with potential applications in the business’s unique environment. For example, some executives outside of the technology space may be unaware of how integrated IT alert tools can be worked into the company’s existing communication system.
Even the small integration of a more reliable, unified communication system can do wonders for business reliability, and it can help to raise awareness of these solutions for those unfamiliar with them.
Tip #2: Create a Response Plan
Most pieces of cyber security wisdom aren’t one-size-fits-all, but one aspect that’s universal is the need for a cyber security response action plan. This means creating a written plan that delineates what steps to take in the event of various attacks or outages, including who to contact, responsibilities, and approved protocols for addressing the issue.
In early 2022, KP Snacks was hit with a nasty ransomware attack that locked up its systems and caused substantial supply chain disruptions. With no safe way to process orders and dispatch products, the company’s hands were tied. The attack is believed to be the work of the Conti cyber crime group, a new breed of ransomware-as-a-service (RaaS) gang connected to larger cyber criminal organizations.
While the full extent of the damage remains unclear, KP Snacks launched an immediate cyber security response plan upon discovery of the attack, including coordination with forensic IT experts and legal counsel. This type of immediate action is an essential part of disaster recovery, as every minute of downtime means dollars left on the table.
This is another area where unified communication solutions can pay dividends. When a company has a dedicated system for incident communication and management, it’s far easier to coordinate disaster recovery efforts. Solutions like those from HipLink let employees stay connected to each other at all times, regardless of what security event may occur.
Tip #3: Set S.M.A.R.T. Security Goals
Many of us are familiar with the SMART framework for goal-setting: To produce the best results, a goal should be Specific, Measurable, Attainable, Realistic, and Time-Bound. This type of framework is good practice for goal-setting across industries, and cyber security is no exception.
Improve cyber security management by reviewing your current security initiatives. Start with an audit of your assets and perform vulnerability assessments to see where you might be coming up short. From there, line out realistic objectives for improvement that can be measured and make dedicated efforts to track improvement over time.
It’s important to find and address these vulnerabilities proactively rather than reactively. Consider the 2013 Yahoo breach, one of the largest cyber security breaches in history that revealed account details for three billion total users.
After a slew of legal battles and class-action lawsuits in the coming years (alongside several other high-publicity breaches to contend with), Yahoo would be fined $117.5 million – one of the largest common funds ever awarded in a data breach case.
In Yahoo’s case, ongoing security vulnerabilities exposed the company to risk year after year. Another breach occurred in 2014 when attackers stole an internal process used by Yahoo to create authentication cookies, just one of many vulnerabilities in Yahoo’s system. We believe this type of breach could have been avoided by taking a more diligent, comprehensive approach to business security.
Improve Cyber Security Across Processes and Technology
The above tips represent a few quick wins that businesses can leverage to improve cyber security, but they’re only the tip of the iceberg in terms of creating true security. As an intelligent communication alert provider, our team at HipLink has seen company after company struggle with security concerns.
This is why we put together a whitepaper: 10 Secrets to Improving Cyber Security, where we go address some of the biggest and most common challenges businesses will face when improving their security stance. If you’re ready to get proactive about security, download your copy here.