Your company’s new IT security policy and how to implement it
Keeping your business safe begins with a robust, considered internet security strategy that’s specific to your individual company and is constantly monitored. As you might imagine, that’s no mean feat, but if you work with Couno we’ll take care of everything.
Why you need an IT security policy
We get it. Internet security is just another thing to use up time and resources on. But the bottom line is these policies save businesses. The risk of a cyber attack is a very real one – it’s the number one threat to organisations of all types and sizes. Over half of British businesses and two in ten charities experienced at least one attack between April 2017 and April 2018, and that figure continues to rise.
When cyber security breaches happen, all sorts of things go wrong. First, there’s the inconvenience and time wasting of frantically trying to restore lost files and get systems working again. Second, there’s the damage to reputation – under the GDPR all organisations falling foul of an attack have to report it to the Information Commissioner’s Office within 72 hours. The ICO then have a duty to make this information public – leading to a lot of unsettled customers and potentially gleeful competitors.
That’s all before we even consider the financial costs. Lloyd’s of London has estimated that the global cost of a serious cyber attack adds up to more than £92 billion. The average financial cost of an incident is thought to be £857,000, with the cost of an attack rising by a huge 62% between 2013 and 2018. And statistics show that 60% of UK SMEs close for good within 6 months of an IT security policy failure.
One of the biggest reasons cyber attacks are so prevalent now is the time it takes for victims to realise they’ve been had. The longer it takes, the higher the stakes.
Here are a few figures to illustrate how easy it is for hackers to make big money without having to do very much at all:
- Malware takes an average of 6.4 days to be discovered, racking up costs of £1.57 million
- Web-based attacks: 22.4 days/£1.52 million
- Denial-of-service (DoS) attacks: 16.8 days/£1.52 million
- Malicious insiders: 50 days/£960,000
- Malicious code: 55 days/£960,000
- Phishing and social engineering: 20 days/£960,000
- Stolen devices: 14.6 days/£700,000
- Ransomware: 23.1 days/£520,000
- Botnets: 2.5 days/£260,000
Your biggest threat is probably someone you see every day
Cyber criminals are the bad guys, and they’re hard to catch thanks to the anonymity of working solely on the internet. But they can only infiltrate your system if someone lets them in, which is where your staff come in.
90% of data breaches are caused by user error. That means well-meaning, ill-informed workers making bad decisions when they’re pushed for time or trying to do the right thing. Hackers rely on the fact that people like to please their bosses, so they’ll use all sorts of convincing methods to catch them off-guard.
Incidents of phishing emails are rising daily, with a survey from McAfee finding that an alarming 97% of users didn’t know how to recognise a phishing email. Typically the hackers will send fake emails claiming to be from a member of an organisation’s senior management team, requesting urgent and very important information. To the uninformed eye they look just like the real thing, and because so many people don’t like to question the boss they go ahead and hand over all sorts of information like user names, passwords and even bank details.
It might sound like only a very naïve person would be caught out, but the statistics say otherwise. Phishing emails are often sent at the end of the working week, when tired staff are thinking about going home and the office is thinly staffed.
Your company is under constant threat from malicious parties interested in only one thing – your data. They don’t care what that data might be; they care that it’s important to you and will probably be of interest to someone else on the open market.
Never use a template
A lot of companies think they can solve the problem by just downloading a generic security policy from the internet. But your company, the business you do and the customer base you serve are all unique to you, so your security policy must be too.
We understand that for many board members and senior managers it’s really difficult to know where to start. The nature of the threats involved can be tough to understand, and the GDPR has added a whole new layer of complexity and red tape.
The best way – and we promise this is true – is to work with an expert in IT security who can draw up a bespoke internet security policy that really works for your business and is constantly monitored. You can trust us to be absolutely fair and transparent from the outset, providing you with a robust policy that won’t cost the earth but could save your business.
A successful IT security policy is now an accepted cost of doing business.
As leaders of your business, the first step is to make the decision to invest in an IT security policy. Your board members, leaders, and senior managers need to commit to identifying the threats within your business.
Couno has worked with dozens of clients in London and the South East on their IT security policies. These clients now have the strongest level of protection against data theft.
The threat to your business is two-fold – from people outside your company and from people you employ.
Your IT security policy needs to cover four areas for maximum effectiveness.
Once you’ve made the decision to devise and implement a new IT security policy, a director or a senior manager must be responsible for the process, working with both your internal IT staff and your Couno IT security policy expert.
Your director or senior manager will monitor and report progress on both the planning and implementation of the new IT security policy, fully supported by their Couno representative.
Once implemented, Couno will provide regular and reliable reports (scheduled and in response to potential attempts at intrusion) to you and your company’s senior management.
For your business to really benefit from its new IT security policy, your employees must be involved. Couno will work with you on training your staff on how to minimise the risk of data breaches.
What opportunities exist for your staff to download data without authorisation? What should they do about sensitive information when they’re logging in from unsecured connections, like WiFi in a coffee shop? What protocols are in place if a staff member’s laptop, tablet, or smartphone is lost or stolen?
Couno will first establish and then nurture a culture of IT security within your organisation through the education and empowerment of your staff.
Your computer connections to the outside world
Everything from your WiFi hotspots to the encryption services your company uses must be secured to the highest possible degree at all times. Couno takes care of this for you.
Your computer network
You can take important steps to secure your business by streamlining and adapting your existing computer network set-up. Alternatively, we can help you replace any ageing infrastructure.
Are there legacy programs on your network or your terminals that provide malicious actors with an opportunity to create a breach? Do you allow staff to download information directly from their terminals using removable media like a CD-ROM or a USB stick?
Does all your software have the latest patches? Would you or the people with responsibility for IT know how to find out whether the latest patches were available and then how to install them?
The “Friday afternoon fraud” – something all of our legal sector customers have asked us to protect them against.
When you buy a house, you’ll, at some point, have to transfer your deposit into your solicitor’s client account. Fraudsters recently hacked into emails sent between a client and his solicitors. The fraudsters emailed the client asking him to transfer £67,000 into the solicitor’s client account – but, of course, it wasn’t the sort code and account number of his solicitor’s client account he actually wired the money to. It was the fraudsters’ account.
Despite its near-ubiquitous use, email is notoriously insecure and requires constant monitoring, patching, and repair. As part of your Couno service, we protect your email systems and the staff and customers who rely on them.
You can call Couno to arrange a free, on-site audit if you want to introduce an IT security policy to your company. Please dial (number) or email (address).
After receiving your audit, if you choose Couno as your partner, we promise the absolute minimum of business disruption when we’re rolling out your service. We’re here to work with you and your staff so that you’re left to focus on enhancing both your productivity and profitability.
And as a Couno customer, you benefit from knowing that we can scale up or down your IT security plans according to the needs of your business. However, whatever your level of service, working with us means lower fixed costs and much smoother business operations.