Elevate your cybersecurity defences

Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on digital trust, environmental, health, safety, security, and sustainability.

October 19, 2023 - As organizations become more digitally advanced, cybersecurity programmes become increasingly critical. Over the last three years, the global average cost of a data breach has increased by 15 percent. Of those organizations who experienced a breach, just one-third discovered the attack through their own security teams, highlighting a need for better internal threat detection and a stronger cybersecurity posture.

As a quick refresher for Cybersecurity Awareness Month, take a look at these eight steps to enhance your organization's cybersecurity readiness and safeguarding against potential threats:

1. Multi-factor authentication: Mandate the use of multi-factor authentication across the organization. Two or three layers of security significantly reduces the risk of unauthorized access, even if login credentials are compromised.
2. Use approved devices only: Hybrid and remote work models have exacerbated cyberattacks. It’s imperative that organizations ensure employees use only work-approved, secure devices when working remotely. Employees should also have access to an encrypted VPN and avoid public networks, which are highly susceptible to cyberattacks.
3. Change system passwords: Regularly update system passwords so previously stolen credentials are rendered useless to malicious actors. Additionally, installing a password manager effectively ensures different passwords are used across various accounts. (Read more in Protect your digital identity on World Password Day with stronger credentials.)
4. Patch and protect: It is the role of cybersecurity professionals to ensure that systems are patched and protected against all known vulnerabilities. Implementing intrusion detection and prevention systems can also actively protect against threats and unauthorized access.
5. Data backup: Regularly backup data and ensure that these are stored offline or in a secure, isolated environment. Offline backups are inaccessible to malicious actors, reducing the risk of data loss due to ransomware or other attacks.
6. Practice: Conduct cybersecurity drills and exercises to test the organization's incident response plan. These simulations of various cyberattack scenarios ensure employees become better prepared to respond quickly and effectively to minimize the impact of a real attack.
7. Encryption: Implement encryption for sensitive data, both in transit and at rest. Encryption ensures that regardless of data being stolen, it remains inaccessible without the encryption keys.
8. Educate: Teach employees the common tactics used by attackers over email or through websites. Organizations could simulate a phishing email and offer training to those who fail to recognize it as a potential breach. Employees should also feel confident in reporting unusual behaviour on their computers or phones.

Though these recommendations are easy to understand at a surface level, many organizations find fulfilling them a challenge due to system architectures already being designed and implemented. However, building these protocols into business strategies will help mitigate data breaches and the knock-on effects to operations.

Read more on building organizational resilience in Strategically building breach resilience by Stephen Scott, Practice Director, Digital Trust Consulting, BSI. Find out how to embed privacy protection within your organization in Embedding privacy by design by Conor Hogan, Global Practice Director, Data Governance, Digital Trust Consulting, BSI. For more insights on other digital trust, privacy, information security, and environmental, health, and safety topics that should be at the top of your organization's list, visit BSI's Experts Corner.