Your company’s new IT security policy and how to implement it
Keeping your business safe begins with a robust, considered internet security strategy that’s specific to your individual company and is constantly monitored. As you might imagine, that’s no mean feat, but if you work with Couno we’ll take care of everything.
Why you need an IT security policy
We get it. Internet security is just another thing to use up time and resources on. But the bottom line is these policies save businesses. The risk of a cyber attack is a very real one – it’s the number one threat to organisations of all types and sizes. Over half of British businesses and two in ten charities experienced at least one attack between April 2017 and April 2018, and that figure continues to rise.
When cyber security breaches happen, all sorts of things go wrong. First, there’s the inconvenience and time wasting of frantically trying to restore lost files and get systems working again. Second, there’s the damage to reputation – under the GDPR all organisations falling foul to an attack have to report it to the Information Commissioner’s Office within 72 hours. The ICO then have a duty to make this information public – leading to a lot of unsettled customers and potentially gleeful competitors.
That’s all before we even consider the financial costs. Lloyd’s of London has estimated that the global cost of a serious cyber attack adds up to more than £92 billion. The average financial cost of an incident is thought to be £857,000, with the cost of an attack rising by a huge 62% between 2013 and 2018. And statistics show the 60% of UK SMEs close for good within 6 months of an IT security policy failure.
One of the biggest reasons cyber attacks are so prevalent now is the time it takes for victims to realise they’ve been had. The longer it takes, the higher the stakes.
Here are a few figures to illustrate how easy it is for hackers to make big money without having to do very much at all:
Malware takes an average of 6.4 days to be discovered, racking up costs of £1.57 million
- Web-based attacks: 22.4 days/£1.52 million
- Denial-of-service (DoS) attacks: 16.8 days/£1.52 million
- Malicious insiders: 50 days/£960,000
- Malicious code: 55 days/£960,000
- Phishing and social engineering: 20 days/£960,000
- Stolen devices: 14.6 days/£700,000
- Ransomware: 23.1 days/£520,000
- Botnets: 2.5 days/£260,000
Your biggest threat is probably someone you see every day
Cyber criminals are the bad guys, and they’re hard to catch thanks to the anonymity of working solely on the internet. But they can only infiltrate your system if someone lets them in, which is where your staff come in.
90% of data breaches are caused by user error. That means well-meaning, ill-informed workers making bad decisions when they’re pushed for time or trying to do the right thing. Hackers rely on the fact that people like to please their bosses, so they’ll use all sorts of convincing methods to catch them off-guard.
Incidents of phishing emails are rising daily, with a survey from McAfee finding that an alarming 97% of users didn’t know how to recognise a phishing email. Typically the hackers will send fake emails claiming to be from a member of an organisation’s senior management team, requesting urgent and very important information. To the uninformed eye they look just like the real thing, and because so many people don’t like to question the boss they go ahead and hand over all sorts of information like user names, passwords and even bank details.
It might sound like only a very naïve person would be caught out, but the statistics say otherwise. Phishing emails are often sent at the end of the working week, when tired staff are thinking about going home and the office is thin on the ground.
Your company is under constant threat from malicious parties interested in only one thing -your data. They don’t care what that data might be, they care that it’s important to you and will probably be of interest to someone else on the open market.
Never use a template
A lot of companies think they can solve the problem by just downloading a generic security policy from the internet. But your company, the business you do and the customer base you serve are all unique to you, so your security policy must be too.
We understand that for many board members and senior managers it’s really difficult to know where to start. The nature of the threats involved can be tough to understand, and the GDPR has added a whole new layer of complexity and red tape.
The best way – and we promise this is true – is to work with an expert in IT security who can draw up a bespoke internet security policy that really works for your business and is constantly monitored. You can trust us to be absolutely fair and transparent from the outset; providing you with a robust policy that won’t cost the earth but could save your business.