Creating a culture of cybersecurity: Advice for business owners

Share on facebook
Share on twitter
Share on linkedin
Share on email

Cybersecurity will remain a major concern for business owners so long as there are ne’er-do-wells trying to break through digital walls.

As companies have become increasingly reliant on digitalisation those walls have spread out within a firm. Whether it be a remote office or simply an employee visiting a dodgy link, cybercriminals have many avenues to take in pursuit of a successful breach.

One of the key weapons in the fight against cybercrime is education, according to managing director and qualified security assessor at Galix Networking, Simeon Tassev.

Managing director and qualified security assessor at Galix Networking, Simeon Tassev

“While IT professionals understand the risks and know of the many threats that linger outside of unprotected networks, most of the people who actually use the systems, devices, networks and Internet aren’t quite as mindful – or aware – of cybercrime and security. Businesses looking to properly safeguard their IT environments need to ensure that their staff, who operate within this environment, know what the risks are and how to prevent them,” says Tassev.

The managing director points out that while many employees may be familiar with security protocols at work (firewalls and the like) very few people apply these protocols in their personal lives.

This is starting to change, according to Tassev.

“Most social media and other technology application vendors have put their own security measures into place, such as two factor authentications where, for example, a web site prompts users for their username and password as well as one time password PIN to verify their identity,” the MD says.

With Facebook and Google both disclosing breaches in 2018 we hope that folks are taking cybersecurity more seriously this year.

Tassev goes on to outline how businesses can go about creating a culture of cybersecurity.

What risks does your business face?

Every business should tailor its cybersecurity around the specific risks it faces and Tassev says that this is best done as a team.

“This needs to be a collaborative exercise between the business, information security and operational security, and should also include the relevant legislation and liability officers. Risk varies from business to business, and each department plays a vital role in understanding not just the risks, but their impact,” the MD says.

“The business should ensure its staff is constantly made aware of the risks, new threats, the potential for damage (both personal and to the business) and what users can and should do every day to protect themselves. This should become an entrenched practice; almost second nature,” adds Tassev.

Prevention is better than cure

Staff should also have regular training that touches on how to prevent cyber attacks and what to do in the event of a breach.

In addition to that, Tassev says that awareness of legislation should also form part of training.

“Part of the training of risks and security controls should include awareness of data security legislation and the impact to individuals as well as the business. This helps users understand what they are protecting within a business but also helps them to understand their rights when it comes to their own data,” explains the MD.

In addition to training and education, Tassev adds that incident management and cybersecurity incident management processes should be regularly reviewed to insure they cover all bases.

“It’s important for anyone using technology at any level to educate themselves on the risks of cybercrime and how to avoid incidents such as identity theft and fraud,” Tassev concludes.

[Image – CC 0 Pixabay]

Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.