The recent cyber attack on the HSE has firmly highlighted the steadfast requirement for businesses and organisations of all sizes to review their current cyber security posture. The cyber attack on the HSE is by far the most devastating in this country to date but it’s certainly far from the first. Many many Irish businesses have been targeted by similar hacks in the last 12 months and a number of them have paid ransoms – they just all don’t make the media.
Often businesses feel they have no choice but to pay or risk going out of business if they don’t retrieve their data from the criminals. This is not a position any business wants to find themselves in.
Adequate cyber security is not a once off solution, it has many layers and touchpoints. It requires a strategic approach. IT Security needs to be managed and reviewed and most importantly it needs expert attention.
So where do you start?
Before you rush into buying and implementing various anti-virus or end point protection solutions you need to have clarity on what your specific business needs to protect your data and systems. Every business differs in this regard. You will most likely already have some cyber security measures and solutions in place – some of which may need upgrading, others may be suitable but only if complemented with solutions in other areas. The simplest and most efficient way to fully understand your IT security needs is to undertake a cyber security review.
Instead of advocating the benefits of cyber security risk assessments, of which there are many, let’s take a look at the risks of NOT conducting a cyber security review or a cyber security risk assessment.
Potential Risks of not conducting a Cyber Security Risk Assessment
No real understanding of your current cyber risk level: An audit will help ascertain your current strengths and weaknesses and identify paths to improvement. Determining where your maturity level lies in the cybersecurity scale is the quickest and most efficient way to improve cyber resilience.
High Maturity: Strong Risk Posture
Medium Maturity: Some adequate measures in place but more to do
Low Maturity: Lacking in many areas with significant work needed
Understanding your current risk level through practical testing and assessment gives true visibility on the security requirements. In short you identify the gaps but not only are they identified but proven through testing.
Inadequate Monitoring: Without clear understanding of which areas of the business represent the greatest risk it is difficult to allocate resources meaningfully, especially to those that need ongoing monitoring. As threats evolve and criminals learn methods to evade security measures, continuous monitoring has become a core principle of a robust cybersecurity program. In many industries compliance requirements enforce ongoing monitoring of threats. A security audit will identify the areas in your network that are weakest and where ongoing monitoring may be needed and to what level.
Inability to Determine Potential Impact: A Security Risk Assessment will identify how and where your current IT Security is weak. From this you can determine the potential impact that a cyber breach could have on your business and this will inform your Disaster Recovery planning.
Difficulty in Deciding on Level of Investment and how to Prioritise Response: If you don’t know the level of risk that your business currently faces it is impossible to prioritise your response. IT security is multi-faceted and different businesses will need different levels of protection depending on what they currently have in place, what compliance issues they face and what type of data they hold. A risk assessment will help you determine what level of investment is needed to adequately protect your assets and meet compliance requirements.
Also Read: Email Security is Paramount
So Why Bother with a Cyber Security Risk Assessment?
As new and emerging cyber threats challenge traditional responses cyber security demands a more sophisticated approach. Putting in an anti-malware solution across corporate computers will no longer be your guarantee of security in the modern age of inside threats and targeted attacks. Even moreso in an age where remote working is becoming the norm and employees are logging into networks from many different locations and often on unsecured devices.
IT Risk Assessments have a significant role to play when it comes to securing digital assets. Knowing what is in place and what is not via auditing and what is and what isn’t a significant issue is at the very core of understanding and implementing the right security.
While assumptions can be made, in many cases, they’re wrong. Time is the enemy. To adopt a wait and see approach is to put your business organisation at serious risk. The unfortunate HSE attack has proven that point.
Unfortunately, it’s the general opinion of most companies, particularly at the management level, that their computer systems are secure. However, one of the only ways to determine whether this is actually true is by performing a thorough audit of computer systems.
If you carry the burden of IT security risk in your business I would have a serious think about how you measure the risk and consider if you are taking the best approach. An IT security or cyber security review carried out by an experienced Cyber Security Company is the most efficient way to really understand what your current Cyber Security posture is.
And remember whatever measures you physically put in place it is critical that your staff receive cyber security awareness training to further strengthen your defences.
We work with Microsoft and Fortinet, the leading global Cyber Security Company to provide Cyber Security Risk Assessments for businesses of all sizes. We can help you learn what you need to do to uplift your current IT security measures and help protect from the latest wave of cyber scams.
Get in touch with us here.
Also Read: How to prevent a Successful Phishing Attack when Employees are Working Remotely?
Every year technological innovation seems to appear at speed but the Covid pandemic accelerated adoption of technology at a pace never seen before. Necessity is the mother of invention and this year more than ever businesses were forced to make rapid changes to their operating models.
Many discovered their IT wasn’t up to the job and as we face into more disruption many businesses are still not capitalising on the benefits that technology can deliver.
Now is the time to take stock. As evidenced in the pandemic change can happen suddenly. Businesses need to have the agility to act fast and not just maintain operations but improve them increasing productivity and efficiency.
What to Expect in 2021
It has been well documented that remote working will remain a staple of the business world into 2021 and beyond. Thankfully the right technology in place fully enables employees to be as productive from home as in the office. Modern communication tools such as video conferencing, instant messaging and cloud based solutions and apps like Microsoft 365 allow staff to collaborate in realtime, safely access and share files and documents and service customers effectively while situated offsite.
Hosted Telephony and VOIP is transforming the way companies communicate. Regardless of the physical location of your employees with hosted telephone solutions you can deliver cost efficient communications from the cloud. VOIP allows businesses to quickly react to change while maintaining best-in-class communication capability servicing customers quickly and effectively.
With Microsoft 365, OneDrive Cloud Storage and office apps your staff can be more productive now than ever before from anywhere. Microsoft’s Enhanced Productivity Suite (Power Automate, Power BI and Power Apps) boosts productivity further making outdated processes automated! Build time-saving workflows with seamless integration to automate mundane tasks. Inbuilt AI increases efficiencies and gives staff more time to focus on core objectives. Power BI can unlock valuable insights to business drivers and enable more informed strategic decision making. Power Apps allow you to build problem solving apps quickly and easily to automate processes across the business. It is expected in 2021 that the use of productivity tools will drive business transformation to create the digital workplace.
Stringent Cyber Security
There will be huge impacts on security in the coming year as the move to working from home continues. Identity and multi factor authentication (MFA) will take centre stage as more and more devices access networks and more processes move to online. The increased use of cloud will leave holes and vulnerabilities that could be exploited. Comprehensive security measures will be needed to protect against cyber-attacks and Advanced Persistent Threats (ATP) that are expected to continue to rise in 2021.
Uncertainty is the only certainty as 2021 brings an ongoing pandemic, Brexit and a new USA Administration. The smart businesses will Evolve & Adapt to a new world order early and this will allow them competitive edge. Technology and the clever application of it is the bedrock that will enable businesses to adapt and move forward successfully. In a world that is changing customer needs are also rapidly changing and budgets are under pressure. Optimising technology to deliver efficiency, adaptability, productivity all cost effectively will secure your business throughout some of the most challenging years that we have ever seen and beyond.
Get in touch with us
Contact us today and we will help you construct and realise your vision into the new year and secure your business for the future.
We were delighted to receive the SME PARTNER OF THE YEAR AWARD for Security from Exertis Ireland and Fortinet Ireland. It has been a challenging year in many ways and to have the hard work of the HSC team recognised by our partners is much appreciated. We have worked closely with Exertis and Fortinet on several Security projects this year. We look forward to more in 2021 and to hopefully celebrating our joint success together in person.
Thanks again to all the team at HCS, EXERTIS and FORTINET. Below is Dan Hegarty, Director accepting the award.
Covid19 has brought many changes and challenges to the business world including for ourselves in HCS. Many businesses have had to Evolve & Adapt to new challenges with innovation and creativity.
We have helped many of our customers to adapt to a remote working environment and we continue to support them as the restrictions look set to continue. Our own repsonse to the crisis involved the development of 3 new apps that we are using internally to help protect our staff and follow the public health guidelines. As part of our ongoing support to customers we offered these apps to their business FREE OF CHARGE.
SWIPEIN is an app that we built using MS Power Platform that automates the contact gathering and health screening process for visitors to a premises.
The app can be accessed via a touchscreen (we have it mounted on the wall inside our main door) or on a desktop at any entry point. A visitor can input their contact details and answer 5 quick questions relating to their current health status. The app also notifies the staff member they are visiting of their arrival by email. See video.
ONLINE HEALTH ASSESMENT
ONLINE HEALTH ASSESMENT: We have also built an online form using MS Forms that can be emailed out prior to a person’s visit which they complete online. Click to view form.
HCS LEARN365 is an online learning portal for staff using Microsoft 365. It has helpful tips, tricks and videos on using Microsoft Solutions like Teams, Outlook etc . It has a news section where you can share company news and also practical advice for working from home and being cyber security aware. LEARN365 gives staff quick access to the information they need to be more productive and more secure while remote. See video