Another week, another cybersecurity breach, or at least that’s how it can seem sometimes. Remember Hudson’s Bay, Panera and Under Armour? They all reported data thefts. They are not the first companies to do so this year. While it would be nice to think they will be the last, that will only happen if companies, in general, get to grips with the theory and practice of IT security. GDPR poses another challenge, given the harsher penalties associated with non-compliance.
With this in mind, companies might wish to consider the long-term benefit of committing to regular cybersecurity audits, which cover the following points.
It’s easy to repeatedly click “later” when a pop-up suggests a security software update. It is important to keep your software and operating systems up to date so that they include the most recent cybersecurity features and block any holes that cyber attackers have identified.
It’s also important to remember that mobile devices vary widely in the ease with which their operating systems can be updated. Therefore, you may need a process in place to update devices in some way, even if they are fully functional, so that you can move on to a more recent (and more secure) operating system.
It’s good to learn from your mistakes, but it’s generally a lot less hassle to learn from other people’s.
What has made the news headlines since your last audit and why? What has been covered in the IT press and what recommendations have been made based on it? If you read that Company X fell victim to a particular failing, then make sure that you are protected against that failing.
Head back to the IT press again, or speak to your IT Support provider, for information on current cybersecurity topics and see if they need to be incorporated into your processes and/or systems.
On that note, make sure that all of your software is fully licensed and that you are on top of who is using which applications and which hardware. Hopefully, users are not making software or hardware changes to their desktops or laptops (and hopefully you will long since have blocked external USB devices from connecting to your machines). The world of mobile devices can be somewhat harder to police unless you make a determined effort to do so and to educate your users regarding the importance of following your policies with regard to their use.
Regular IT Audits will give you an opportunity to start working towards legal, mandatory changes at a more leisurely pace, as well as to see what predictions can reasonably be made based on the information available at the current time. IT Audits will allow you to take steps so that you are in the best possible position to accommodate those changes as, when and if they do actually occur. Most small businesses, charities and Not-for-Profit organisations benefit from working toward Cyber Essentials Certification, as it formalises the cybersecurity process and brings it to the attention of the CEO.