Opinion / Columnist
How organisations can prevent cyber attacks
02 Oct 2023 at 02:49hrs
In 2016, ninety-five percent of cyber breaches came from only three industries: government, retail, and technology. This is not necessarily because these industries are less diligent in their protection. They are simply very popular targets because of the high level of personally identifiable information contained in their records. Most of these cybersecurity breaches are due to human error. Cyber-criminals and hackers will infiltrate your company through your weakest link, which is almost never in the ICT department. An estimated 54 percent of Zimbabwe's companies say they have experienced one or more attacks in the last 12 months. Zimbabwean companies now need to protect themselves and train their employees to protect themselves from cyber attacks.
It is crucial to establish clear policies and guidelines for all company employees to follow. These policies can help create a culture of security awareness and minimise the risk of cyber threats. Some essential cyber policies to share with all employees include:
Acceptable Use Policy (AUP): An AUP outlines what is considered acceptable and unacceptable use of company resources, including computers, networks, and internet access. It should address guidelines for personal use, prohibited activities (e.g., downloading unauthorized software or accessing inappropriate websites), and consequences for policy violations.
Password Policy: This policy should define strong password requirements, such as minimum length, complexity (including a mix of uppercase and lowercase letters, numbers, and special characters), and regular password changes. It should also emphasize the importance of not sharing passwords and using unique passwords for different accounts.
Data Classification and Handling: This policy outlines how different types of data should be classified based on sensitivity (e.g., public, internal, confidential). It specifies the appropriate handling procedures for each classification, including access controls, encryption requirements, and data retention guidelines.
Bring Your Own Device (BYOD) Policy: If your organization allows employees to use their personal devices for work purposes, a BYOD policy is crucial. It should address security requirements for personal devices, such as installing necessary security software, keeping devices updated, and guidelines for accessing company resources securely.
Email and Communication Policy: This policy focuses on best practices for email usage and other communication channels. It should address topics like avoiding suspicious attachments or links, being cautious about phishing attempts, not sharing sensitive information through unsecured channels, and guidelines for social engineering prevention.
Remote Work Policy: With the rise of remote work, it's important to have a policy that outlines security measures for employees working outside the office. This policy should cover topics like secure remote access, using virtual private networks (VPNs), securing home Wi-Fi networks, and physical security of work devices.
Incident Reporting Policy: Employees should be aware of the procedures for reporting security incidents or suspicious activities promptly. This policy should define what constitutes an incident, how and to whom to report it, and the importance of timely reporting to mitigate potential damages.
Security Awareness Training: Regular security awareness training sessions should be conducted to educate employees about current cybersecurity threats, best practices, and emerging trends. Training can cover topics like phishing awareness, social engineering, password hygiene, and safe browsing habits.
Cybersecurity is now a global priority as cybercrime and digital threats grow in frequency and complexity. However, one of the major obstacles to preventing cybercrime is the cybersecurity workforce shortage and the lack of new professionals funneling into this industry. It is therefore paramount to have these policies regularly reviewed, updated, and communicated to employees. Additionally, ensure that employees acknowledge and understand these policies by requesting them to sign an acknowledgment form.
It is clear that businesses are under a constant threat of cybercrime and must take steps to defend themselves. Do not wait until it is too late; take steps today to prevent future data breaches and the consequences that follow.
For more details, please call/WhatsApp +263772278161 or email chair@zict.org.zw
Source - Jacob Kudzayi Mutisi