
By Mark Brown, Founder of Psybersafe

I worked in cybersecurity in the finance sector for many years, and I know from experience that there are three “must haves” that all businesses should have in place in order to keep their online systems safe from hackers. Without these three pillars – People, Processes and Technology – all being present, the cybersecurity job becomes much harder.

  • People

Of these three, my view is that ‘People’ must be at the top of this list. Of course, many companies take this to mean hiring specialist cyber security staff. But actually, everyone in your business is part of this pillar. Every single one. And that’s because statistics show that 90% of cyber security breaches are down to human error.

And, regardless of how experienced they are, it could as easily be your CIO or someone in your IT team as the customer service rep who opened an email that looked like it was from the client. It could equally easily be the accountant who thought she was clicking on an invoice, or the HR Director who followed a link to an updated CV.

That’s how cyber criminals get into your business. They tend to use people. That makes your people your first line of defence against cyber criminals. Everyone in your business needs to know not just what to look out for, but how to change the way they behave to stop inadvertently opening the door to data loss and all the serious financial and reputational damage that inevitably comes with it.

All the data in your business is sensitive – it’s your data. And the data of your clients, suppliers, and shareholders. Importantly, a criminal doesn’t need highly personal details to do real damage – names and email addresses may be enough. So anyone working in your business with access to any information could put your business at risk. To support your people, you need three things: good-quality, behaviour-changing cyber security training, backed by the other two pillars of effective cyber security.

  • Processes

Every organisation – no matter how big or small and no matter what type – should have processes in place that help manage cyber security issues. Who has access to what data? How do people log on? Do you use two-factor authentication? What happens if your security is breached? How do you tell your customers you’ve lost their private data? How do you manage the damage to your reputation? You really don’t want to be doing all of this when you’ve fallen victim to an attack. Develop clear, robust policies and share them with your teams so they know you are taking this significant risk seriously.

  • Technology

Technology plays a critical role in protecting your business against attack. But where to start? Whilst ISO 27001 is the strongest standard, smaller companies can start with adopting the Cyber Essentials certification – a government-backed scheme that is managed by the National Cyber Security Centre. This certification covers a wide technical scope and gives your customers, suppliers and investors confidence in the general standards of your technology and systems.

At the moment, Cyber Essentials includes a range of requirements for IT infrastructure – hardware, software and devices – including:

  • Wireless devices
  • Bring Your Own devices
  • Externally managed, or cloud devices
  • Other externally managed services
  • Web applications
  • Firewalls
  • Routers
  • Desktop devices

In addition, the certification looks at other issues, including password-based authentication and administration of accounts.

Your internal or external IT support should be constantly assessing the potential risks to your business and putting mitigation in place to keep systems secure.

Together, these three pillars form the basis of a strong and secure approach to the risks that cyber crime presents. But you need to have all three in place to be truly effective. Many companies focus on the tech and forget the people – and that’s a mistake. Your people are the heart of your business, and they are the hacker’s easiest way to your data.

I am a great believer in getting the right technology in place to support good cyber security practice. But technology alone is not going to protect you. Make sure you put your people at the heart of your cyber security defences.

 
