Four in ten UK businesses reported a security breach in 2021. And because fewer companies are deploying security monitoring tools or undertaking any form of user monitoring than last year, the true number is likely even greater.
Hiding from the problem won't make it go away: it'll make it worse.
As a business, you need to review and update your security posture to ensure you're properly protected.
What is a security posture?
'The security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defence of the enterprise and to react as the situation changes.'
So, no, a security posture hasn't got anything to do with how you're slouched at your desk. We'll just pause for a moment while you readjust. Better?
Now that we've got that straight - in every sense - here's how to tell if your organisation's cybersecurity isn't good enough.
1. You haven't educated your users
85 percent of cybersecurity breaches are caused by human error, which remains the number one reason for data breaches. On top of that, pandemic-related stress has been shown to impair working memory and increase the risk of people making mistakes.
You must educate your employees about IT security so they are in the best possible position to avoid such mistakes. This training can cover everything from keeping your hardware secure to how to recognise phishing attempts.
We recommend refreshing your IT security training every 6-12 months. It's like a vaccine booster. You may want to bring in a third-party expert to help you establish security fundamentals. In fact, an evergreen managed security service will help you keep up to date on all of these points.
2. You don't have effective security best practices
IBM found that businesses with mature zero trust policies save considerably on the costs that a poor security posture can entail. Implement best practices such as:
- Strong password protection using a password manager to reduce your reliance on people's memory - try a tool such as LastPass
- Multi-factor authentication for work applications
- Identity and access policies built around the principle of least privilege
If you're not sure what best practices to follow, our free cybersecurity assessment is the right place to start.
3. You haven't given your team the right tools
Organisations have been forced to implement hasty Bring Your Own Device (BYOD) practices to allow remote working in the last few years. Short of shelling out for company-provided hardware that is configured with security in mind, businesses on a tight budget can still give users the right security tools for the job.
Start with email, which is a major weak point for breaches. Here, active anti-phishing tools and other email security add-ons, such as Mailock for Outlook, can go a long way to lowering your risk.
4. You don't do regular risk assessments
Consistency is key. As with training, you want to ensure you're conducting regular cybersecurity risk assessments. Once every quarter is about right, and more often if you are running digital transformation projects: when mishandled, this activity can draw the attention of external threats or lead to data leaks.
(Of course, it's worth it: organisations further along in their cloud modernisation strategy contain breaches 77 days faster than those in the early stages.)
Speaking of assessments...
Get your Cybersecurity Assessment
HTG is offering qualifying companies a 40-page report on their security posture. This assessment will audit, analyse and report on your cybersecurity. Don't miss this unique opportunity to secure your business.