5 reasons why basic cyber hygiene should never be underestimated!
In our day to day lives we brush our teeth twice, wash our bodies day and night, wash our hands many times and try to stay as clean as possible to get rid of germs and prevent any illnesses. Yet how many of us have actually not caught germs by doing all of these things?
It’s the same case when it comes to cyber hygiene. Just because you invest millions and set up a secure firewall or have integrated 2-factor authentications into your system, does not mean your IT infrastructure is invulnerable. Simply because new cyber threats and crimes are emerging every day and businesses must continuously hone their security controls and practices.
Myself, coming with zero knowledge on cybersecurity and working for product/B2C based organizations for over a decade, I can guarantee that most organizations are not educated on cyber hygiene. Sure the IT department might know but whether they apply a simple HTTPS control on the company website or thoroughly educate employees on cyber attacks to prevent human errors, is almost unheard.
So what are these 5 reasons why basic cyber hygiene should never be underestimated? Here goes:
1. We live in a VUCA world
The 21st century has become a Volatile-Uncertain-Complex-Ambiguous world more than ever. The year 2020 itself started with bushfires across Australia and the Amazon, locust threats in Africa, the Covid-19 pandemic, riots in the USA over #blacklivesmatter and so much more! While these global calamities were taking place, cyber criminals weren’t taking a break either. Right before Easter 2020 Google reported 18 million phishing and malware scams related to COVID-19 every single day. In July 2020, Twitter was hacked by targeting highly influential accounts in the pursuit of gaining bitcoins. Considering all of these we can only expect cyber criminals to get stronger and more strategic with their attacks. So if basic cybersecurity hygiene and standards are not in place, anyone can be hacked and lose valuable assets. As technology evolves so do cyber crimes and everything else.
2. Globally and locally SMEs are growing
Globally Small-Medium enterprises are often underestimated when they actually contribute vastly to the economy. In the US alone, out of the 5.68 million employers, SMEs account for 99% of it and 44% of those entities contribute to economic activities. In Sri Lanka although the value addition is low, SMEs consist over 90% of the total business base in SL. Most of these are home-grown businesses which contribute to the GDP. Due to their low operational costs and resources, cyber hygiene is almost always an ignored priority. In a situation where cyber hygiene is compromised, SMEs can be the most vulnerable and struggle to recover from. As it requires a lot of money, resources, time and effort which SMEs cannot afford, compared to a large organization. According to a recent Verizon data breach report, 43% of cyber-attacks are targeted towards SMEs. So to all the SMEs out there - what measures are you taking to improve your cyber hygiene?
3. Risk in losing the credibility of IT talent
One of the biggest misconceptions of cybersecurity is that it is the responsibility of IT or Technology, when in fact it is a total organizational matter. Since the majority of the non-tech leaders running businesses are unaware of this, their first reaction during a cyber attack/breakdown would be “Didn’t IT check this?” Or “Wasn’t IT aware about this risk?”. Due to this oversight that IT security is the same as cybersecurity, many organizations suffer. Most IT managers often lack in-depth cybersecurity expertise and knowledge, therefore there is no point in blaming them if your business suffers a cyber attack. The best option is to secure your IT infrastructure or hire a team of cybersecurity experts before it is too late!
4. Everything is now Digitized!
A decade ago, online shopping was very rare, Netflix was still opening to the international market with their online video streaming, IOT what? and Instagram was just launched! Fast forward to the present, everything is at your fingertips. We are facing a retail apocalypse with brick & mortars closing, FMCG (Fast Moving Consumer Goods) businesses must adapt to e-commerce and all enterprises must look at digitizing their infrastructure, sales and marketing strategies and operations. As Gen Zs and Millennials are taking over the consumer base, businesses must go digital for sustainability. Going digital means cybersecurity should be part of the core business priorities, similar to how physical security was essential to protect your company’s physical assets.
5. The “human” factor
Employees are the first line of defence, but also unfortunately the biggest blind spot. Most of the cyber breaches/attacks take place due to human error where one employee would mistakenly click an email containing malware or visit an unsafe website. One simple action could lead to losing the most valuable assets of the business, that they might never be able to recover. All of this is due to a lack of education on basic cyber hygiene and threats. Therefore it is absolutely vital that your staff be constantly educated and updated about cybersecurity.
In conclusion, cyber hygiene should never be compromised, irrespective of the above five reasons. So how can an enterprise, despite the scale of their business ensure cyber hygiene?
One basic and proven solution introduced by the UK government to prevent 80% of the most common internet based attacks, is the Cyber Essentials framework. It is a simple, yet effective self-assessment option, that when properly implemented, gives your company the protection against a wide variety of the most common cyber attacks, such as malware, phishing, ransomware, password guessing, network attacks and many more. Businesses of any size can make use of this certification and demonstrate cyber hygiene, plus gain a competitive advantage especially when dealing with international clients. For more information on Cyber Essentials, you can visit https://www.ncsc.gov.uk/cyberessentials/ and read up about it and ensure your business has the basics covered for cyber hygiene!
We at Meta Defence Labs can help with fixing your organisation's cyber hygiene too. We are an award wining team of security experts & a UK government accredited certification body for the UK Cyber Essentials and IASME framework. We can help you in gaining your Cyber Essentials & IASME with GDPR compliance certifications.
If you like some help contact us on : info@MetaDefenceLabs.com, +44 (0) 203 222 4060
Written By: Navanthi Rajakaruna
