What is an Effective Cyber Security Policy?

Cyber security means different things to different people, and this can be one of the problems in creating a relatively good cyber security protection system within any organisation or business.

Some of the most common questions asked are:

What is a Cyber Security attack?

What is a Security Network?

What is a Cyber Security Policy?

What is Cyber Crime?

What is a Cyber Security Engineer?

In a number of organisations, staff think of cyber security as being the realm of the IT guys. To them it means the risk of someone hacking the network and stealing data, and it’s down to the IT systems professionals to protect the network through firewalls etc.

Whilst this is certainly a large part of cyber security, the danger in this understanding is that it leaves out the day-to-day activities of people employed within the organisation. These account for the bulk of the activity through networks, and it is day-to-day activity that in many ways poses a much greater risk for many organisations.

This is not so much an issue around complacency, as around getting staff or people working/volunteering in any organisation or business to appreciate the real risks posed by doing any activities online, on any device, at any location.

Any organisation or business will be acutely aware of how internet access has changed profoundly over the last few years, not only in terms of broadband speeds, but in terms of how people access the internet through smartphones, tablets etc. There is also a strong drive by many organisations and government agencies to push people to use the Internet to do their daily chores.

CYBER SECURITY – INTERNET USAGE

It is worth recapping the various areas that people use the Internet for. People employed in any organisation or business are likely to use the internet at their place of employment not only for company business, but also for their own day-to-day activities.

This invariably puts the company or organisation at risk of a data breach, and it is important to understand the dangers of this happening.

CYBER SECURITY – EMAIL

Email – email is still used by most people as a primary means of communication, both to work colleagues and to friends/family.

Whilst a company/organisation should have its own anti-virus and anti-malware software installed, there is still a danger of introducing malware into the network through unsolicited emails. It is estimated that between 85 and 90% of all email sent is spam.

Surprisingly, many people do click on spam links, partly because a huge amount of spam is directed at pharmacy medications and Viagra, which can sometimes be made to look convincingly professional.

The risk of clicking on any type of spam email, or opening any attachment from an unknown source, is that it will introduce some type of malware into the organisation’s IT system, with potentially highly damaging effects.

CYBER SECURITY – BANKING and FINANCE

Banking and finance – most of the major banks are increasingly persuading/forcing customers to do their banking online, which again raises real security issues, often through email.

Many of the scams people fall for stem from emails sent to them that purportedly come from their bank, or from their credit card company or an organisation such as PayPal.

These scam emails will contain links encouraging the individual to click on the link and either enter a password or confirm some other details. This type of scam invariably leads to disclosure of critical private information from the individual, which usually results in monetary loss and/or the risk of identity theft.

CYBER SECURITY – SOCIAL NETWORKING PROFILES

The other huge area of potential risk is through social networking. People quite happily post a huge amount of private information on social network sites such as Facebook/Twitter/Google+ etc, which presents a potential minefield in terms of privacy and identity theft.

The danger is that enough information could be gathered about an employee through their social networking profiles to allow hackers/criminals to gain access to a company’s network by posing as an individual connected to that organisation.

The other main areas of Internet usage tend to relate to areas such as online shopping, online gaming and gambling, downloading and distributing videos and file sharing. Whilst internet usage itself is not primarily dangerous, the issue within an organisation/business is that of cyber security.

All the above activities when carried out within an organisation or business environment can potentially expose the security of the network through unintentional personal carelessness.

The main way to protect the organisation/business against risks outlined above is really through education, and having policies and procedures in place which help staff and volunteers to remember the potential dangers that daily online activities can expose them to.

CYBER SECURITY – PASSWORDS

Changing passwords is a classic example. Every cyber security guide there is encourages people to change their password regularly, but most people don’t. If they do, they change it to something memorable so they don’t forget it.

Changing an attitude or culture within any organisation is difficult, but in an area such as website security it can be increasingly dangerous or financially damaging not to.

CYBER SECURITY – INTERNET of THINGS

The other huge area of cyber security which is likely to become dominant in the next couple of years is what is referred to as the Internet of Things.

This refers to the ever-increasing installation of wireless capability into and onto everything that people own, eat, wear, buy or in some other way have about them, on their person or in their person, in daily life.

The intent is to make people and their daily activities always connected to the Internet. This may take some time to achieve, but is being driven by all the major tech companies and all the major manufacturers.

This means in simple language that everything from clothes to watches, spectacles, shoes, refrigerators, ovens, speakers, televisions, cars, pacemakers, public transportation etc are becoming, or soon will be, wirelessly connected. To some people, this scenario is a dream, to others it is a nightmare.

However, it is likely to become a reality of some description within the next few years. It has largely been driven by the belief that the more people are connected wirelessly to their lives, the more goods and services can be sold to them, and the more profitable large manufacturers and tech companies can become.

Whatever the ideological bent about the Internet of Things, perhaps the major issue is cyber security.

If people’s lives are literally connected with the world online, it will expose them and their possessions to extensive cyber security risks, both in terms of hacking and other risks as outlined above, and will require extensive rethinking about different types of insurance and risk management.
