Strengthening Cyber Defences for Organizations

Introduction

According to the 2021 UK Cybersecurity Breach Survey, four out of every ten organizations reported a cyber-attack in the last year. As enterprises transition to a new era of hybrid operations after the COVID-19 pandemic, robust cybersecurity is more crucial than ever.

National Cybersecurity Awareness Month, which is celebrated every October to raise awareness about the importance of cybersecurity measures for businesses and consumers, is an exciting time for everyone to think about their cybersecurity practices and make sure they are doing everything they can to protect themselves.

The following sections provide some useful tips for bolstering cybersecurity in organizations.

Make Cybersecurity A Priority

Putting cybersecurity at the top of an institution's activities demands that top management accept and apply cybersecurity procedures and encourage subordinates to follow suit. So long as electronic devices are used to execute and improve work output, all staff, from top executives to the most junior, should be reminded of the dangers of using devices on a network and of the preventive measures, as anyone on the network can be a target.

This awareness can be raised by the National Cybersecurity Authority. For example, during this year’s National Cybersecurity Awareness Month, professionals and experts were invited by the Authority to discuss cybersecurity matters of national importance. This is progress and should be encouraged.

Workers are also required to support their organizations in safeguarding organizational assets from cybersecurity breaches. Compliance with Ghana’s Cybersecurity Act will help improve cybersecurity in organizations.

Establishing Cybersecurity Policies

Since security is a concern for both the employer and the employee, an effective way to raise awareness of cybersecurity is to establish and implement cybersecurity policies. Workers always have a tendency to share passwords, click on malicious web links, and open attachments without knowing their source. Setting up policies will therefore serve as a check on workers and create a credible public image for the institution, since customers, shareholders, and prospective employees see the policies as evidence that the organization can protect its sensitive data.

Recruiting And Retaining Competent Cybersecurity Professionals

Having the right people for the right job is as important as establishing cybersecurity policies. It will be crucial for all organizations to realize the need for cybersecurity professionals to address these complex and ever-evolving threats in cyberspace. Organizations can liaise with professional organizations such as the Institute of ICT Professionals, Ghana (IIPGH), and others for the supply of experts in the fight for a safer and more secure organizational cyberspace.

Using The Appropriate Cybersecurity Tools

Relying only on antivirus software for system and data protection and privacy is not enough. Cybercriminals now employ sophisticated tools to exploit vulnerabilities in systems. This in turn requires equally sophisticated tools for the prevention and mitigation of such attacks. Tools such as security information and event management systems, endpoint detection and response systems, firewalls, vulnerability scanners, and intrusion detection/prevention systems, among others, will be of immense help to organizations.

Backup Your Data

Keeping copies of data is a smart way of recovering from a disaster that affects data. Failure to back up your data and information at a time when cybercrimes abound and data are being compromised daily is planning for doom. Until there is a data breach, most individuals, institutions, and even countries take backup lightly. It is, however, crucial for cyber citizens to embrace the practice of backing up frequently and efficiently.

Backing up ensures important files are kept safe and secure from data loss. Encrypting the backed-up data adds extra security. A backup serves as a reliable means of restoring lost data. Resources such as time and money are saved, especially in a ransomware attack, and the time required to restore data is shorter because the backed-up data is available.

The frequency of backing up data can be daily, weekly, monthly, or quarterly, depending on the importance of the information. Critical data needs to be backed up frequently.

The 3-2-1 rule is a best practice for backup and recovery. It means that when you build out your backup and recovery strategy you should:

  1. Keep at least three copies of your data. That includes the original copy and at least two backups.
  2. Keep the backed-up data on two different storage types. The chances of having two failures of the same storage type are higher than for two completely distinct types of storage. For example, if you have data stored on an internal hard drive, make sure you have a secondary storage type, such as external or removable storage, or the cloud.
  3. Keep at least one copy of the data off-site. Even if you have two copies on two separate storage types, but both are stored on-site, a local disaster could wipe out both. Keep a third copy in an off-site location, like the cloud.
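
The rule above can be checked automatically against a backup inventory. The following Python sketch is an added example, not part of the original article: it tests each dataset against the three conditions and against the backup frequency chosen for it. The `Copy` record, the inventory contents, and the day limits per frequency are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed maximum backup age (days) for each frequency the article names.
MAX_AGE_DAYS = {"daily": 1, "weekly": 7, "monthly": 31, "quarterly": 92}

@dataclass
class Copy:  # hypothetical inventory record
    storage_type: str   # e.g. "internal-disk", "external-disk", "cloud"
    offsite: bool
    is_original: bool
    last_updated: date

def check_3_2_1(copies, frequency, today):
    """Return a list of findings; an empty list means the rule is met."""
    findings = []
    backups = [c for c in copies if not c.is_original]
    if len(copies) < 3 or len(backups) < 2:
        findings.append("fewer than three copies (original plus two backups)")
    if len({c.storage_type for c in copies}) < 2:
        findings.append("all copies on one storage type")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    # A backup older than the agreed frequency cannot restore recent data.
    limit = MAX_AGE_DAYS[frequency]
    if not backups or min((today - c.last_updated).days for c in backups) > limit:
        findings.append(f"no backup newer than {limit} day(s)")
    return findings

TODAY = date(2024, 1, 15)  # constructed sample data below
INVENTORY = {
    "finance-db": ("daily", [
        Copy("internal-disk", False, True, TODAY),
        Copy("external-disk", False, False, date(2024, 1, 15)),
        Copy("cloud", True, False, date(2024, 1, 14)),
    ]),
    "hr-share": ("weekly", [
        Copy("internal-disk", False, True, TODAY),
        Copy("internal-disk", False, False, date(2023, 12, 20)),
    ]),
}

def audit(inventory, today):
    return {name: check_3_2_1(c, freq, today) for name, (freq, c) in inventory.items()}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, TODAY).items():
        print(name, "OK" if not findings else "; ".join(findings))
```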

Everyone must be encouraged to back up their data.

Educate Your Employees

In this technology age, institutions must continually train their employees to build a security-conscious workforce that is mindful of the numerous threats they face. With the surge in cybercrimes, possessing knowledge and a good understanding of cybersecurity is required. Though security training is on the rise, a lot more is needed to augment the existing ones. One approach is to engage employees and make them more proficient in identifying cyber threats.

A routine awareness and training plan should be developed to address the most common cybersecurity risks facing organizations, such as social engineering, use of outdated software, ransomware, and bad password practices.

Conclusion

When organizations establish and implement cybersecurity policies, they boost the confidence stakeholders have in them regarding the availability and security of data. This, moreover, indicates that such an institution is concerned with cybersecurity and considers it a priority. Effective backups will ensure the availability of information/data.

It is known that the largest contributors to data breaches are a lack of education and human errors. Everyone, especially organizations, needs to start implementing tougher protocols and make cyber training a basic and core part of orienting new staff.

Author: Constant Worlanyo Agbeko, IT Officer | Member, Institute of ICT Professionals Ghana

For comments, contact proagbeko@duck.com