Cyber Security – A reminder

Even if you’re not an avid user of social media and messaging apps, it has been hard to avoid the news that Facebook, and its various other acquisitions, were inaccessible for more than 6 hours on Monday (4th October). Approximately 2.8 billion users worldwide lost access to several of the world’s most popular social apps. The outage did not just affect casual users; Facebook’s platforms are relied on by companies across the globe to communicate with their customers and conduct business on a daily basis. Even Facebook itself saw its 60,000 staff unable to use any of their internal systems or, in some cases, to gain access to office buildings.

The event brings into sharp focus the impact that cyber issues can have on a business, even if not of any malicious origin. The 6-hour outage of Facebook’s platforms has undoubtedly caused reputational damage, with many disgruntled users flocking to Twitter to complain. Facebook also incurred a loss in revenue for the time its platforms were down and, within 24 hours, faced a drop in its value of nearly £37 billion.

It’s important to remember that it’s not just big businesses that can be affected. Cyber issues can have major impacts on companies of all sizes, particularly if they result in a client data breach. As well as reputational damage and loss of clients’ trust, failing to secure systems and protect client data effectively could result in additional financial costs, e.g. fines or penalties, or even legal or regulatory consequences.

So, what should businesses do to protect their systems?

All businesses should take a few key measures to protect their systems:

  • Conduct regular reviews to ensure all software, including operating systems, is up to date – especially on older hardware which may be more vulnerable to attack or fault.
  • Ensure firewalls and anti-virus protection are in place.
  • Implement role-based access control, which restricts access to data based on an employee’s position within the company.
  • Have a strong cyber policy which:
    • Enforces the frequent changing of device passwords and the use of secure, unique passwords for different devices/accounts (secure passwords should use upper- and lower-case letters, numbers, and special characters)
    • Includes a data storage policy which precludes the use of portable storage devices to prevent the unauthorised transfer of sensitive data
    • Reminds staff how to safely use email e.g., ensuring they do not open emails from unrecognised addresses or open unknown links within emails
    • Prohibits the use of work devices for personal use e.g. logging into personal social media accounts or email.

This policy should be regularly reviewed to ensure all points are in line with the latest cyber security guidance.

Perhaps most important is the need to ensure staff are aware of all policies and procedures, as well as any cyber risks they may face. This can be achieved by ensuring cyber security is covered thoroughly within the employee induction process and suitable training is provided. A number of courses on cyber security and risks are available on the Aviva Development Zone to aid in this process.

About the author

Chloe joined us in 2020, having graduated with a 2:1 in Graphic Communication at the University of South Wales. Chloe assists in the design and content creation of new e-learning modules as well as the re-branding of existing courses.
