Each year, we develop a range of content with the aim of educating organisations on cyber security threats and helping them defend their assets and reputation, so for us every month is Cyber Security Awareness Month. However, for the bulk of the population, October has been set aside for that purpose. If you haven’t made time to understand how you and your organisation can be affected by online threats, now is the perfect time.
To get you started on your journey to improving your cyber security, we’ve put together the list of questions we’re asked most often and some further reading (if you’re keen to learn more). Here we go:
Where do I start with cyber and information security?
Cyber security really isn’t as complicated as it seems. Sometimes, it’s like needing to write a report and the blank page makes it seem overwhelming. For many organisations, it’s about finding the right framework. That’s why we’ve put together a 101 on the three most requested frameworks: Cyber Essentials, Cyber Essentials Plus and ISO 27001; you can read it here: Which information security framework is right for your organisation? The choice between Cyber Essentials and ISO 27001
What’s the easiest thing to implement in my office?
In the same vein, there are many controls every organisation should put in place to ensure good defence against cyber threats—from the basics like using anti-virus, email filters and firewalls, to more in-depth activities, like penetration testing and phishing assessments. One of the basic controls you can implement easily in both your professional and personal lives is good password hygiene. Often, your password is the only thing keeping cybercriminals away from your sensitive information. Length is the primary factor when creating a strong password: the longer it is, the more guesses an attacker needs to get it right. You can read our article here: What is password hygiene and why is it important?
How do I know what I need and what if I get the wrong service?
Finding the vulnerabilities in your defences is one of the first activities you should undertake when you’re looking to improve your cyber security posture. But, how do you do that? Well, as a starting point, you’ll need to decide between a penetration test and a vulnerability assessment. That sounds simple enough, but what’s the difference between the two? We get this question a lot and because we’re big believers in not investing in something you don’t need, we’ve put together an in-depth explanation; you can read it here: What’s the difference between a vulnerability assessment and a penetration test?
Am I investing my cyber security budget correctly?
On that note, are you investing in the right areas? You could take a blanket approach and cover every possibility, but that’s an expensive strategy and your Finance Manager or CFO probably wouldn’t be happy to spend money unnecessarily. Every business faces different threats, so what the organisation in the next office needs to defend against isn’t necessarily what you need to invest in. It’s important to get an understanding of your threat profile and align that with the risks you’re willing to take (or not take). From there, you can decide what you should be investing in. Take a look at our article on getting the most from your budget: Is your limited cyber budget invested to maximum effect?
How do I educate my team to handle cyber threats?
The cyber threat is ever changing and even with the best technical defences in place, the end users (i.e. humans) are usually the weakest link. That is not to say that cyber security should be purely non-technical, but it is important to have the right balance. Knowing where to start with cyber security in general can be difficult, and working out what your team needs to know can feel overwhelming. Our Director of the PGI Cyber Academy has put together a roadmap that any organisation can follow, and, as with knowing where to invest your budget, how you train your team also starts with understanding your specific threats. You can read the article here: Cyber education for your workforce – where to start.
What do I do when something goes wrong?
Frustratingly, even once you’ve put all these useful security controls in place, the threats change so often that keeping up can be hard. Therefore, it’s important to have the mindset that it’s not about if you get breached, it’s about when you get breached and how you handle it. Having a plan in place will ensure the consequences of a breach don’t undo all your hard work in developing your organisation and building your reputation. We’ve put together the five reasons you should have a cyber incident response plan in place (and some encouragement to put one together); you can read it here: 5 reasons your organisation needs a cyber incident response plan
How PGI can help
From educating your Board and workforce, to conducting in-depth penetration tests and developing information security management systems, our team of cyber and information security experts can help you defend your important assets and reputation. If Cyber Security Awareness Month has inspired you to take the first step, please contact us: call on +44 845 600 4403 or email us at firstname.lastname@example.org