Cyber Security Management

by Maya G

Cyber security is becoming an increasingly important topic in the world of business. With so many companies relying on technology to stay competitive, it's no wonder that cybercrime and hacking are skyrocketing - and with them, the need for businesses to protect themselves from increasingly sophisticated attacks. Cyber security includes the protection of information on your computer, network, software systems, and data. Unfortunately, when there are breaches in cyber security, this can lead to many problems for the people involved.

Cyber Security, Cyber Security Management

Impacts of cybercrime

Cybercrime has become increasingly common over the years. It's estimated that cybercrime will cost $6 trillion annually by 2021, more than the global revenue of all three countries! Cybercrime comes in many forms, ranging from phishing to ransom ware and beyond. Here we will discuss some impacts of cybercrimes that a business can face:

  • Economic costs – Theft and misuse of corporate information, Expenses incurred in recovering damaged systems and IT assets can reduce the profitability margin of a company.
  • Reputational costs – Impact on goodwill, loss of reputation, customers, expenses incurred on PR and marketing due to media outrage
  • Regulatory costs- Organizations can suffer from regulatory fines and sanctions from GDPR and government authorities due to data breaches.
ITSM, ITSM templates toolkit

    Cyber security vs. Information security

    Cyber security is the art of protecting information systems from cyber threats. Information security, on the other hand, protects information itself. Both are critical for any company to be successful in today's world. There are two approaches companies can take to these types of protection - preventative or reactive. When a company takes a preventive approach, they are less likely to have cybercrime issues because they're not relying solely on others for their safety and security measures. Cyber security belongs to a reactive approach where a company takes steps to solve cyber-attacks or threats. They also build an infrastructure that prevents such kinds of attacks.

    Download This Template

    Cyber security

    Information security

    Focuses on preventing online threats

    Takes an overview of the overall security landscape

    White hat hackers play a significant role in building security infrastructure who think like hackers

    Works on the protection of data from data leakage

    Finds bugs in security systems and suggests improvements.

    Makes plans to recover from breaches

    Acts as the frontline of defense from cyber threats

    Supports in building a security infrastructure

                     

    1. Passwords- Ensure all employees have passwords with at least eight characters and include numbers, letters, and special symbols. Make sure to encrypt all the passwords and verify their identity by two or 3-factor authentication.
    2. Update anti-virus software-An anti-virus software does not guarantee safe protection as new viruses are produced by hackers every day. Frequently updating your software with the latest features will increase the chances of securing your devices from unknown threats. Create settings that enable the software to update by default.
    3. Account deactivation- Few employees take revenge on the company after resignation for some internal conflict reasons, which in turn creates trouble for the company. Create a protocol for user account deactivation when an employee leaves the company.
    4. Dispose of equipment- Dispose of equipment that contains sensitive information when no longer in use. Before destroying data, create a backup of the necessary information and use different methods like shredding and electronically recycling. Use a SATA cable if you are not physically destroying the hard drive.
    5. Vulnerability scans- It is recommended to conduct internal and external vulnerability scans quarterly to check for any weaknesses or threats in your systems. Internal scans detect any harmful programs downloaded, whereas external scans detect the strength of network segmentation.

    Cyber Essentials Scheme:

    The Cyber Essentials scheme is a certification that helps organizations to understand the basics of cyber security and how it can be applied in their organization. The scheme has been designed by the UK National Crime Agency, with input from industry, government, and academia. It was launched on 18 March 2013 and guides basic computer security practices that help reduce the risk of cyber-attacks and discourage data theft.

    Certification

    The International Association of Social Media Entrepreneurs (IASME) is a global not-for-profit membership organization that supports and promotes the success of social media entrepreneurs around the world. IASME Governance cyber essentials are designed for those who want to learn more about governance, cyber security, and compliance requirements for social media professionals. In addition, it was designed to keep in mind to improve the security concerns of small and medium enterprises.

     technical controls of cyber essentials, Cyber Security Management, Cyber Security

    Controls 

    The technical controls of cyber essentials are:

    1. Boundary firewall- A boundary firewall is a network appliance that monitors incoming and outgoing traffic to conform to the desired policy. This type of firewall typically sits between an enterprise's internal network and the Internet or is a standalone device for small networks. The idea behind this type of firewall is to block all inbound traffic without an explicit exception while allowing outbound connections only if they are explicitly authorized by policies set up on the device.
    2. Configuration management- Configuration management is a process for maintaining and controlling changes across multiple systems in the IT environment. Configuration management solutions help to ensure that all system configurations are aligned, up-to-date, and compliant with standards, regulatory requirements, and best practices.
    3. Access control- Access to sensitive information at certain places like data center, storage rooms are restricted to limited people. They would require authorization to enter and use the information.
    4. Patch management- Patches are a set of changes to a program or system to improve its functionality. It includes securing vulnerabilities and fixing bugs. Patch management is one of the most critical aspects of system administration. It's essential to keep all software on your computer up-to-date, and patching vulnerabilities discovered in programs you use can help prevent serious security breaches.

    Cyber security best practices :

    • Conduct risk assessments - Knowing the potential risks associated with your company's need to use information technology systems can better prepare you to protect against these types of breaches. A risk assessment should be conducted by someone knowledgeable in IT and security. This person should understand not only the technical aspects of computer use but also the business practices used by an organization or individual who uses them as well as other factors such as physical access to computers and networks, personnel issues (e.g., hiring practices), legal requirements (e.g., privacy laws)
    • Educate staff- Human error is one of the major causes of a data breach. Investing in educational programs to train people to respond to cyber threats is helpful to avoid the majority of data breaches. Staff needs to know the importance of security protocols, so they won't bypass them unknowingly to prevent cybercrime.
    • Use biometric technology- Biometric technology is the future of security. It incorporates biological features, such as fingerprints and iris patterns to verify a person's identity. Biometrics has been around for several decades, but it has seen a recent surge in popularity due to its accuracy and easy implementation.
    • Keep an eye on Privileged users- Employees who have access to sensitive information can be one of the greatest assets or threats to the company. No matter how much you trust them, they may misuse your data and go unnoticed. Activate user monitoring solutions to keep track of their activities.
    • Phishing- Hackers use phishing techniques like spam emails, messages, or phone calls to collect sensitive information from employees. Use appropriately configured spam filters and train your employees about various phishing techniques. Conduct mock phishing calls to test their level of awareness.

    ITSM, ITSM templates toolkit