The average cost of a data breach in South Africa has risen to R36.5-million according to research by IBM Security’s global study which looked at the financial impact of a data breach on a company’s bottom line, that’s enough scare any business owner.
Two cyber security experts offer their top advice to avoid the high costs of data breaches, which includes lost business, negative impact on reputation and employee time spent on recovery.
Brian Pinnock is a cyber security expert at Mimecast, a enterprise cloud services company; Jarryd Chatz is CEO at BitCo, a telecommunications operator and Internet service provider.
Empower yourself, this is what you should be doing.
1. Understand what you’re up against
The first step is to understand the cyber threat landscape. According to a recent study by Mimecast and Vanson Bourne, almost half of South African organisations had seen an increase in phishing attacks with malicious links (47%) and malware/ransomware through email attachments (48%) in the last 12 months.
Ransomware holds your computer or network hostage by encrypting its files, and demands you to pay for the release of your data. If this type of malware gets into a network, all connected PCs go down with it. What’s more, your business stands to lose valuable data in the process, often with confidential and sensitive information hanging in the balance. – Brian Pinnock
2. Strengthen password protection
Possibly the easiest security procedure to execute, there’s no reason to still use your birthday as your desktop password. Increase password difficulty and uniqueness with a mix of lower- and uppercase letters, numbers and special symbols, and utilise reminders that prompt you to update passwords regularly.
Two-factor authentication (which you’re probably familiar with in terms of banking app transactions) is also valuable as an additional layer of security for sign-in processes. A further good idea is to limit employee access to passwords according to their role at the company – not everyone needs access to everything on the system as this creates additional avenues for cyber-attackers to exploit. – Jarryd Chatz
Data backups form part of a broader cyber resilience strategy to help your business resume normal operations in the event of a cybercrime incident
3. Educate employees
The most advanced cybersecurity system means very little when your staff don’t know how to use it properly. Introduce security protocols for keeping employee, vendor and client information safe, as well as damage-control procedures staff can follow should a breach occurs.
Train employees to follow best cybersecurity practices at all times. This applies particularly to identifying fake emails and unsecured websites – the typical source of malware infection. – Jarryd Chatz
4. Update devices
Regular software, operating system and web browser updates are crucial to shield desktops, laptops, tablets and cellphones against the latest, ever-evolving security threats. Cloud software should be automatically updated by the provider but ensure you and your staff make a point of manually checking for new versions of all other software anyway, especially your antivirus protection.
If your employees use personal devices for work – in line with the growing BYOD (Bring Your Own Device) trend, consider having a network administrator install monitoring software and promote automatic security updates on these pieces of hardware. Such cautionary moves help to ensure an uncompromised company network. – Jarryd Chatz
5. Create backups regularly
Schedule routine backups (daily, or at least weekly) of all important information stored on company computers, and keep a copy of these backup files in the cloud, as well as on an offline hard drive to be extra-safe. Both copies should be encrypted. Data backups form part of a broader cyber resilience strategy to help your business resume normal operations in the event of a cybercrime incident. – Jarryd Chatz
6. Reliable data recovery is your Best Bargaining Chip
Ransomware is fast becoming the most common and damaging form of cyberattack. But your attackers will have little bargaining power if they are unable to separate you from your data permanently. That’s why a secure and reliable archive is your best chance of tipping the scales in your favour. An always-available archive allows you to restore your data should disaster strike. – Brian Pinnock
7. Install an on-premise managed firewall
For around-the-clock, all-inclusive and enterprise-grade protection, your best bet is an on-site firewall. A service provider will install, manage, monitor and maintain the hardware, removing any guesswork and offering you peace of mind that your systems and all the precious data they contain are safe from illicit access attempts. – Jarryd Chatz
8. Stay online no matter what
It’s not only the data or monetary loss that you need to consider, downtime could cost you productivity and potentially customers and revenue. Be prepared to quickly and seamlessly switch to an available service, should downtime due to a cyber-attack occur. A continuity solution allows access to everyday tools, like Microsoft Outlook or G-Suite by Google Cloud, in the event of an outage. If PCs or the broader network are affected, it’s useful to be able to access email through the web or mobile continuity apps. – Brian Pinnock