A cyber-security strategy needs to be on always, never on standby, writes Graham Marcroft, Operations and Compliance Director at Hyve Managed Hosting.
Especially as the frequency and sophistication of cyber threats growing year-on-year with cybercrime damages expected to cost businesses a massive $6 trillion annually by 2021, according to Cyber Security Ventures. No organisation should be under the impression that these worrying statistics are reserved only for the biggest players in the landscape. In fact, cybercrime is indiscriminate, and businesses of all sizes across all industries are increasingly at risk from sophisticated threats.
As most organisations are on a journey to achieving digital transformation, 100 per cent uptime is a necessity; not a bonus. So, the construction and implementation of a complete cybersecurity strategy to ensure this is achievable should be a matter of priority that is engaged with across the entire company.
The first step is understanding the importance of having a solid strategy in the first place, and following this up with technology that protects organisations’ increasingly digitally-driven business. If the best cyber-security strategy is one with many strings to its bow, where do you start, and what should it include? Here are my six steps to complete cybersecurity-satisfaction:
1. Recognise the importance
It should never just be the IT team’s problem to ensure that systems and applications are working and secure across all aspects of the company. Any discussion around implementing proactive prevention of cybersecurity vulnerabilities should be attended by board-level executives and treated as a top business priority.
Often, security strategies are seen as a big investment with little measurable return, but the cost of downtime, repairs and reputation can be detrimental to any business. All business owners should be looking to ensure that they mitigate the risk of all of these costly failures by being proactive rather than purely reactive with their cybersecurity strategy.
2. Give your people the right tools
Human error is widely considered to be the ‘weakest’ link and biggest threat when it comes to online security and data protection in the workplace. So, without appropriate training and education, people and businesses can fall victim to cyber attacks. Because of this, every business should look to integrate cybersecurity in the everyday working lives of employees as part of their wider cybersecurity strategy.
Businesses should always implement good cybersecurity training for employees. One top tip is to avoid dreary seminars and PowerPoint presentations, and instead give practical, accessible advice about recognising cyber attacks and how to prevent them. Get creative and think of ways to incentivise security awareness with competitions, ethical hacking and focussing on the individual’s vital and ongoing role in cybersecurity. Even by understanding phishing attacks, promoting safe password management and protecting sensitive information, employees can make more informed decisions about potential security risks. This will go a long way to keeping your business robust and resilient.
3. Stay reactive, but get proactive
Once you have established how crucial this strategy is, it is vital to think about the kind of preventative measures you can take to mitigate any disasters. Often, proactivity gets overlooked for a reactive approach, but both should be thought about in parallel for optimum security and IT resilience.
There are practical ways in which organisations can ensure they are protected, and there are better technologies available for the effective prevention of cyber-threats than ever before. Businesses should be researching the tools and applications that are designed to track, monitor and react – and importantly, solutions that will intelligently integrate with your IT infrastructure.
The use of an intrusion prevention system (IPS) is a good example of proactive technology. It can be seamlessly integrated into enterprise security information management processes, with no effect on traffic speeds or the business. It inspects network traffic, and blocks network activity which it identifies as malicious, harmful or unwanted, all in real-time to ensure there is no delay. Business owners can then relax in the knowledge that they are protected against security threats such as botnet attacks. If you are unsure, a Managed Services Provider (MSP) should offer these kinds of solutions, and can ensure your organisation is not only utilising the best security technology, but has a team of experts to seamlessly manage it all.
4. Plan for disaster recovery (DR)
At the same time as taking action with further prevention and detection, businesses should be looking at what they will need in the event of a disaster. There are a number of considerations to make before choosing a technology or solution for the DR element of your cyber security strategy.
First, businesses should implement a risk assessment that identifies which systems, applications and types of data are most critical to their specific business operations. Risk assessments and business impact analyses help to simplify the process and move the DR strategy in the right direction. For example, a business that follows any certified accreditation would include it as part of business continuity planning.
Recovery objectives are also important to provide an estimate of how long it takes to get a business back up and running in the event of a disaster. A Recovery Point Objective (RPO) defines the point a business can return to in a server’s timeline after a disaster. With daily backups, for example, the maximum RPO would be 24 hours. A Recovery Time Objective (RTO) sets out how long it takes to recover from a situation such as a full data centre disaster. These considerations ensure you know exactly where you stand with your DR strategy, and ensure it can be implemented efficiently, and with peace of mind.
5. Know your DR options
Now that you know what you need from the important DR element of your overall cyber security strategy, it’s time to look into the actual technologies and options that are available. A solution to consider is one of the most sophisticated DR solutions, “hot DR”, which replicates and synchronises an organisation’s entire system architecture, data storage and applications to a secondary data centre. If a disaster occurs, the failover system switches the company’s DNS to the DR site, enabling the business to continue serving staff and customers. In the event of a catastrophic disaster at the production site, the DR site takes over as the production site.
If, like many businesses, you are utilising a cloud-first approach, then it is worth bearing in mind that the cloud has had a significant impact on DR. Because, by increasing performance and reliability, while lowering running costs, cloud services have made DR more accessible and affordable. While utilising the cloud for your DR strategy can be a great idea, without proper management it can get a bit complicated. Managed cloud providers are enabling companies to focus on their business and not be distracted by complex IT, enabling in-house IT teams to focus on more strategic activities and providing the infrastructure, data centre and support engineers to run everything for a business.
6. Use a hosting provider
Armed with your more well-rounded understanding of what your business needs, as well as what technologies and solutions are open to you, now you can think about how to implement this easily, efficiently and now. Working with an MSP can often be the answer to solidifying your crucial security strategy, as it provides ease of management, scalability and complete integration. By utilising a reliable MSP, companies can put all of the technologies to good use, and deploy excellent cyber-defences through a security as a service model.
With so much focus on their own platforms, networks and performance, managed service providers are well-placed to deliver the right cyber-security solutions for businesses to minimise risk and downtime. Your hosting provider should back-up the promise of 100 per cent uptime and go beyond expected standards to ensure your business is “always-on”.
A growing number of IT managers are realising that choosing the right MSP can mean much more than just flexible and scalable IT infrastructure, but can be the difference between being vulnerable to an attack, and having a completely secure, managed and monitored environment for critical data. Having a team of experts available 24/7, that are able to remotely manage all of the tools and technologies of your advanced cyber-security strategy, will ultimately ensure the safety of your increasingly valuable, and growingly vulnerable, business and user data.
