The step-by-step guide to a robust cyber-security strategy
Graham Marcroft, Operations and Compliance Director, Hyve, discusses the 6 steps for any business to achieve a bullet-proof cyber security strategy in the face of growing cyber-threats.
With the frequency and sophistication of cyber threats growing year-on-year, and cybercrime damages expected to cost businesses a whopping $6 trillion annually by 2021, your business – and its cyber security strategy – needs to be always on, and never just on standby.
Don’t be fooled by the notion that these scary statistics are reserved only for the biggest players in the game; cybercrime is often indiscriminate, with businesses of all sizes across all industries increasingly at risk from sophisticated threats.
As most organisations are on a journey to achieving digital transformation, 100% uptime is a necessity not a bonus. So, the construction and implementation of a complete cyber security strategy to ensure this is achievable should be a matter of priority that is engaged with across the entire company.
The first step is understanding the importance of having a solid strategy in the first place, and following this up with technology that protects organisations’ increasingly digitally-driven business. If the best cyber-security strategy is one with many strings to its bow, where do you start, and what should it include? Here are my six steps to complete cyber-security-satisfaction:
Start by understanding the urgency
Ensuring that systems and applications are working and secure across all aspects of the company is not just an IT team’s problem. Any discussion around implementing proactive prevention of cyber-security vulnerabilities should be attended by board-level executives and treated as a top business priority.
Often, security strategies are seen as a big investment with little measurable return, but the cost of downtime, repairs and reputation can be detrimental to any business. All business owners should be looking to ensure that they mitigate the risk of all of these costly failures by being proactive rather than purely reactive with their cyber-security strategy.
Equip your people
When it comes to online security and data protection in the workplace, human errors are often considered to be the biggest threat and ‘weakest link’. So, without appropriate training and education, people and businesses can fall victim to cyber-attacks. Because of this, every business should look to integrate cyber-security in the everyday working lives of employees as part of their wider cyber-security strategy.
Businesses should always implement good cyber-security training for employees. One top tip is to avoid dreary seminars and PowerPoint presentations, and instead give practical, accessible advice about recognising cyber-attacks and how to prevent them.
Get creative and think of ways to incentivise security awareness with competitions, ethical hacking and focussing on the individual’s vital and ongoing role in cybersecurity. Even by understanding phishing attacks, promoting safe password management and protecting sensitive information, employees can make more informed decisions about potential security risks, and this will go a long way to keeping your business robust and resilient.
Implement proactive prevention
Now you know how crucial this strategy is, it is important to think about the kind of preventative measures you can take to mitigate any disasters occurring. Often, proactivity gets overlooked for a reactive approach, but both should be thought about in parallel for optimum security and IT resilience.
There are practical ways in which organisations can ensure they are protected, and there are better technologies available for the effective prevention of cyber-threats than ever before. Businesses should be researching the tools and applications that are designed to track, monitor and react – and importantly, solutions that will intelligently integrate with your IT infrastructure.
One such proactive technology is the use of intrusion detection system (IDS), a piece of hardware or virtual appliance that monitors a network for any malicious activity or violations of agreed policies.
If implemented properly, this technology will ensure that, in the event of an incoming cyber-threat, the activity can be immediately reported to the service provider where a dedicated security team can take the appropriate and pre-agreed actions.
If you are unsure, a Managed Services Provider (MSP) should offer these kinds of solutions, and can ensure your organisation is not only utilising the best security technology, but has a team of experts to seamlessly manage it all.
Map out your disaster recovery (DR) needs
Alongside prevention and detection, businesses should be looking at what they will need in the event of a disaster. There are a few considerations to make before selecting a technology or solution for the DR element of your cyber security strategy.
Firstly, businesses should implement a risk assessment that identifies which systems, applications and types of data are most critical to their specific business operations. Risk assessments and business impact analyses help to simplify the process and move the DR strategy in the right direction.
For example, a business that follows any certified accreditation would include it as part of business continuity planning.
Additionally, recovery objectives are also important to provide an estimate of how long it takes to get a business back up and running in the event of a disaster. A Recovery Point Objective (RPO) defines the point a business can return to in a server’s timeline after a disaster.
With daily backups, for example, the maximum RPO would be 24 hours. A Recovery Time Objective (RTO) sets out how long it takes to recover from a situation such as a full data centre disaster. These considerations ensure you know exactly where you stand with you DR strategy, and ensure it can be implemented efficiently, and with peace of mind.
Weigh up the available DR options
Now that you know what you need from the important DR element of your overall cyber security strategy, it’s time to look into the actual technologies and options that are available.
A solution to consider is one of the most sophisticated DR solutions, “hot DR”, which replicates and synchronises an organisation’s entire system architecture, data storage and applications to a secondary data centre.
If a disaster occurs, the failover system switches the company’s DNS to the DR site, enabling the business to continue serving staff and customers. In the event of a catastrophic disaster at the production site, the DR site takes over as the production site.
If, like many businesses, you are utilising a cloud-first approach, then it is worth bearing in mind that the cloud has had a significant impact on DR. Because, by increasing performance and reliability, while lowering running costs, cloud services have made DR more accessible and affordable.
While utilising the cloud for your DR strategy can be a great idea, without proper management it can get a bit complicated. Managed cloud providers are enabling companies to focus on their business and not be distracted by complex IT, enabling in-house IT teams to focus on more strategic activities and providing the infrastructure, data centre and support engineers to run everything for a business.
Ask your hosting provider to package it all up
Equipped with your new-found understanding of what your business needs, as well as what technologies and solutions are available to you, next is how to implement this easily, efficiently and without delay.
Working with an MSP can often be the answer to solidifying your crucial security strategy, as it provides ease of management, scalability and complete integration. By utilising a reliable MSP, companies can put all of the technologies to good use, and deploy excellent cyber-defences through a security as a service model.
With so much focus on their own platforms, networks and performance, managed service providers are well-placed to deliver the right cyber-security solutions for businesses to minimise risk and downtime. Your hosting provider should back-up the promise of 100% uptime and go beyond expected standards to ensure your business is “always-on”.
A growing number of IT managers are realising that choosing the right MSP can mean much more than just flexible and scalable IT infrastructure, but can be the difference between being vulnerable to an attack, and having a completely secure, managed and monitored environment for critical data.
Having a team of experts available 24/7, that are able to remotely manage all of the tools and technologies of your advanced cyber-security strategy, will ultimately ensure the safety of your increasingly valuable, and growingly vulnerable, business and user data.