How do companies assess their vulnerabilities, know their cyber risk levels, and what should they do better?
The cybercrime industry is changing fast, and businesses and organisations need to keep pace. As offices reopen and hybrid working takes effect, companies will face new challenges and cyber criminals provided with further opportunities to catch people off guard.
Complete the Mazars cyber security checklist to assess how prepared you are to respond to a cyber-attack.
The following simple steps can be taken to minimise cyber vulnerabilities:
Social media awareness
- issue communications to staff on exercising caution when using social media, such as;
- think before posting online, including photos and status updates; and
- never share personal data of customers, work colleagues.
- educate staff on managing the security and privacy settings on social media accounts.
Digital footprint clean-up
- be aware of publicly available information on senior management and staff members that cybercriminals could leverage for an attack; and
- conduct a review of an organisation’s digital footprint to reduce the likelihood and impact of severe phishing attacks.
- implement an updated Acceptable Use Policy for staff and IT standards relating to device security relating to hybrid working;
- the rules on staff use of multi-factor authentication should be clear;
- devices should never be left unattended;
- passcode protection with automatic lockout should be in place; and
- IT teams need to ensure:
- strong disk encryption;
- remote lock and data wipe
- endpoint security;
- regular patching/automatic updates; and
- cloud backups.
Phishing simulations for organisations are among the most effective ways to manage human security risk, followed by regular communications on current types of cyber threats.
Simulations emulate an attack by a cyber-criminal whereby an illegitimate email is received by a cohort of staff, with the aim of testing if the individual either clicks on a link, downloads a piece of software/document, or inputs their credentials. If a staff member falls for the test, they receive an instant ‘teachable moment’. Conducting these simulations provide staff with the training and awareness they need to spot a potentially genuine attack and, over time, strengthen an organisations security defence
Cloud and third parties
- compile a list of cloud and third parties and prepare a questionnaire for self-assessment. This allows for the assessment of threats associated with third party access to an organisations’ environment;
- check to ensure third party providers are conducting vulnerability scans of your network and systems;
- implement penetration testing to see if a cyber-criminal can hack a system;
- review and update applicable third-party contracts to ensure that cybersecurity roles and responsibilities around protecting critical information assets are defined; and
- ongoing monitoring of cloud and third-party arrangements should occur, with quarterly updates to the audit, risk committees and the board ensuring adequate oversight and governance.
For more information contact us