By Denis Ryan, a certified Lead Auditor at NSAI with over 20 years’ experience in ICT across Europe, USA and Asia.
“For those unsure of where to start, the critical trio of areas to address are ransomware defence, employee awareness training (especially for non-IT staff) and encrypted backup of mission-critical data,” Denis Ryan, National Standards Authority of Ireland (NSAI)
There’s no doubt that building and bolstering your company’s cyber-resilience should be top of your ‘to do’ list. And as October is European Cyber Security Month, the time is right to level up your cybersecurity.
Future-proof your cyber security
As hackers are always evolving how they work, it’s vital that your business stays as cyber-resilient as possible by implementing best practice so it can evolve as needed to face down emerging threats.
Organisations often get caught out by threats they didn’t know existed – the unknown unknowns – so it’s important to stay informed and keep upskilling your IT team so it has the capabilities to cope with whatever threats arise. Regardless of the size of your business or the sector in which you operate, cybersecurity needs to be a priority.
How to prioritise your cyber-security plan
For those unsure of where to start, the critical trio of areas to address are ransomware defence, employee awareness training (especially for non-IT staff) and encrypted backup of mission-critical data, since you can revert to that backup if you have a breach.
Continuous awareness training is vital so that all employees understand that everyone has a role to play by being able to recognise phishing attempts and following security protocols. It’s also important to factor cybersecurity into your change management protocol. For example, how will new tools or processes affect privacy, record control and other aspects of cyber-resilience for your business?
Other areas to prioritise include vulnerability scanning, patching, having good authentication and password management, and being able to offer incident response plans, meaning that if something untoward happens, you have a plan for handling it.
Understand the value of certification
For Irish businesses, being smart about cybersecurity pays dividends on multiple fronts. First, when your cybersecurity is up to date, you prevent the financial loss that comes with any breach. Cybersecurity issues such as data theft or service disruption regularly cause companies to incur significant financial losses.
Not only that, but a company’s reputation can also be damaged irreparably by a security incident. Clients or partners can quickly lose confidence in your company and won’t want to import a risk into their systems. Nobody wants to buy in trouble.
On the more positive side, having excellent cybersecurity protection that complies with an agreed international framework, such as ISO/IEC 27001, means your existing and potential customers can trust your business. Having the right controls in place can help your business to scale internationally, as larger clients expect a certain level of cybersecurity to be in place. In fact, this is a boardroom issue, meaning it’s a priority at the highest echelons of larger organisations.
It will also help you to future-proof your business, as the European Union is planning to introduce multiple new cybersecurity directives as it focuses on a new cybersecurity certification framework.
The international gold standard for cybersecurity
Has your company considered getting certified to the ISO/IEC 27001 Information Security, cybersecurity and privacy protection Management Systems standard?
ISO/IEC 27001 is the gold standard internationally for cybersecurity. Not only does it provide the structure to make sure your organisation is protected now, but it also ensures you put the processes and procedures in place to keep up to date with the ever-changing threat landscape and system vulnerabilities. Think of it as a framework for improving your cyber-resilience across your organisation, your people, your physical infrastructure and your technological systems.
You can get started by planning your journey to certification with the help of NSAI. Complete the free self-assessment questionnaire here on our website or sign up for an upcoming webinar to discover more about how to improve your cybersecurity resilience and learn more about relevant standards.