In light of the findings from E&Y’s 2012 Global Information Security Survey, Mark James, the technical team leader of ESET UK commented on what they mean to companies and what organisations can do to better protect their data.
“The data compiled in E&Y’s 2012 Global Information Security Survey is indeed alarming but not unexpected. A lot of organisations do not have any plans for protecting against cyber-attacks; most think they are "under the radar" and that they are not targetable, but the truth is that any company that holds information can become a victim. In most companies, employees are aware of the where the fire exits, kitchen, toilets are, along with company rules regarding sickness and holidays. However, most of these will have had NO training in protecting company data and what to do if they believe company data has been lost or compromised. IT staff should have some degree of training in what to look for when it comes to cyber-attacks, the first signs are usually the most important and quick action will limit the loss. There should be someone in the team that has skills in this field and systems, both new and old, should be purchased or updated with protection in mind. Company training and awareness is imperative to starting the fight against attacks of this nature. After all, a competently trained IT staff member will be a valuable asset to keeping team members up to date with current threats and infections.
“Organisations can start protecting their data by following a few simple rules:
* Have a plan of action in place if you utilise schemes such as BYOD - what security software can be used on them? where is the data stored? who is responsible if the device is lost or stolen?
* Complex passwords are a must - the days of sharing passwords and making "life easy" for the user are long gone. It is YOUR data, so make sure you protect it!
* Make sure you encrypt any data (especially if its mobile)
* Have a plan of action if your data is compromised - often being able to contact a specialist who has knowledge and previous experience in cyber-attacks, could save your company thousands of pounds and more importantly "your reputation"
* Multi-layered protection is one way forward – several layers of security will work better than just one
* Make sure your data is backed up properly and security systems are tested regularly”