From Monday 31st Jan, I will be recommending one control each day that your business should have in place to ensure a robust security program. Cyber security controls help protect your organisation against the ever-increasing number of cyber attacks and data breaches. All five controls that I suggest will be relevant to businesses of any size and will reduce the likelihood of a costly cyber attack or data breach. All controls can be found within the ARX Standard section on the Arx platform, which contains the core security components from ISO27001, Cyber Essentials and GDPR.
What are cyber security controls?
Let’s start out with the definition of a cyber security control. Cyber security controls are those processes your organisation puts in place to help protect against network vulnerabilities and data hacks. Cyber security controls can be physical protection techniques such as requiring keys to enter a restricted area or installing CCTV cameras in areas that contain sensitive data. Security controls are also used to protect digital data such as your organisation’s intellectual property (IP), as well as customer or employee data. These controls include restricting employee access to sensitive information or ensuring that all employees use a password manager to enhance password security.
Why are cyber security controls important?
As the old saying goes… ‘let the facts speak for themselves’:
- Statistics relate to companies with fewer than 500 employees
- The average cost of a data breach for small and medium-sized businesses (SMBs) has now risen to $2.98 million (£2.08 million).
- 43% of SMBs lack any type of cyber security defence plan
- A UK business is successfully hacked every 19 seconds
- Up to 88% of UK companies have suffered breaches in the last 12 months (Germany: 92%, France: 94%, Italy: 90%).
Needless to say, cybercrime is still increasing at a rapid rate. Organisations need to understand the very distinct risk of a cyber attack affecting them. It’s really a matter of when, not if, your organisation will be affected. Companies simply cannot afford to be complacent regarding cybercrime, as the value of digital data continues to rise. That being said, a robust cyber security plan can minimise the chances of such attacks and ensure that your business is able to operate continuously and safely within the digital realm. Cyber security does not have to be a complex or expensive solution but should be a well-designed program of security best practices and controls. These controls should be effectively enforced, explained and understood by all stakeholders connected to an organisation’s network.
Take back control
Working within cyber security for some years now, I have come up with my own list of what I think are core controls that every organisation should have in place – regardless of size, industry, knowledge or resource. I say every organisation because the following controls are relevant from a sole trader all the way up to a multinational company. And in some way, the sole trader is connected with the multinational company, whether that is a direct connection or through any number of tiers within a supply chain. Therefore, as the old saying goes, ‘You’re only as strong as the weakest link within your supply chain’.
In conclusion, I want to get across the message that robust security is a collaborative, proactive process – not a reactive, last-line-of-defence solution. So, with that said, check back in on Monday 31st of Jan to see the first of my five core controls for every business and begin your proactive journey towards becoming cyber secure.