Taking steps to protect a company from cyber security threats involves constant adaptation. The risks are perpetually changing, and even the most diligent IT safety director may be tempted to throw up their hands now and then. It’s a challenge to fight enemies that swiftly and deftly change their tactics.
Recent studies of current cyber security strategies found that many companies are allowing for a lot of risk, and aren’t taking enough action when it comes to preventative measures like training employees. In addition, not only are hackers regularly changing their tricks, but the expansion of cloud technology and the Internet of Things (IoT) is complicating the security landscape.
Employee training: A recent study found that only 61 percent of companies require their employees to participate in cyber security training. That number drops even lower among high-risk financial services industry companies. This is despite the fact that many cyber security attacks take place through an employee mobile device. Many of the most common threat areas involve human error, including theft of proprietary data, unauthorized access to data, compromise of mobile devices, and ransomware.
There are areas that present a threat to the company’s system that can be quickly and easily addressed through an employee education program. For instance, guidelines for a strong password choice and eliminating Shadow IT are just two risks that could be mitigated through training.
Insurance: It’s becoming a common occurrence for enterprises to invest in cyber security insurance, with the study referenced above indicating that 28 percent of respondents reported they will allocate all or most of their cyber security budget to insurance next year. When it comes to tech companies, that figure increases to 43 percent.
Cyber security experts warn that this is a common mistake companies should avoid by pairing insurance with prevention and detection efforts. By allocating all of their budgets to insurance, they neglect the fact that some of the damage from a breach is irreversible. It’s critical to have a prevention plan, so that areas like reputational damage, which cannot be solved by insurance, are never an issue. Depending on the insurance plan, the company may not have coverage for things like downtime or customer attrition.
IoT: As enterprises launch fleets of IoT devices containing sensors for data collection and reception, cyber security gets much more complicated. The flood of data exchanges and the increase in the number of devices interacting with company systems and cloud applications creates a broader plane for security breaches. Companies embracing IoT technology will likely edge out the competition, but they need to do it with a carefully planned and executed cyber security strategy.
At Compass Solutions, we’ll work with you to create a cyber security plan that identifies and addresses vulnerabilities with your clients. We’ll provide ongoing guidance and strategy so a business is never caught off-guard. Contact us today for more information.