Getting cyber insurance for one’s organization is surely necessary if the organization collects customer data and depends on certain online resources. However, there are a few things that an administrative head or manager of an organization can do to promote a culture of taking information security seriously. Here is a list of things that one can do:
- Enabling 2-step authentication on your emails
Email is probably the most used tool in any type of office environment. Whether it’s a request for leave or the submission of a final report, most of the communication and file sharing in an organization happens over email. Therefore, it becomes extremely important for a manager to encourage their employees to enable two-factor authentication on their work as well as personal email accounts. A compromise of such an email account would be harmful to the individual as well as the organization. By enabling 2-step verification (2-factor verification), one can always stay updated in case there is an unauthorized attempt to enter their account. Here’s how one can enable it on a Gmail or G Suite account.
- Select “G Suite” or your Account window -> Go to “Manage your account”
- Select “2-Step Verification” -> Select “Get started”
- Enter your account password
- Either select a “prompt”, which will appear on the selected device, or select a text message/voice call that will deliver a code
- Press “try it now” and select “Yes” on the selected mobile device to enable it
- Enter a backup mobile number in case the selected device is stolen or lost (preferably a SIM not on the selected device)
- Enter the code sent on the device
- One can also download recovery codes by selecting “backup option”, in case they prefer not to use the alternate mobile number system. (However, make sure to keep them safe.)
- Protect the hardware
Many organizations provide separate devices to their employees for work. These devices usually contain sensitive information of the organization as well. Therefore, investing in good cybersecurity software and anti-virus software is as important as being vigilant in implementing device security measures. It is often advised that the passwords of such devices should be predetermined and given only to the user who operates the device. The devices can also easily be administered to prevent changes to any passwords, which protects them from employee mishaps. As a manager, one should also promote a culture of not sharing device passwords amongst employees.
- Protecting network security for IoT devices
An organization has many devices connected to a common network for easy file sharing and sharing of common resources. They could be desktops, laptops, printers or CCTV cameras. The interesting thing is that a lot of people don’t consider devices like printers and CCTV cameras to be resources that are valuable enough to compromise. However, there have been countless attacks by hackers worldwide, attempted on a large scale, on these devices. Such attempts could lead to tampering with important company documents and information or, in some extreme circumstances, a situation like the Bangladesh Bank Cyber Heist in 2016. Therefore, while implementing network security and setting up encryption infrastructure and devices, special steps should be taken to secure these devices as well.
- Awareness about the threats
As an administrative head, one should promote awareness of cyber security and threats in the organization by organizing regular workshops, seminars and training. At the same time, the manager should be equipped with a basic redressal mechanism or a standard operating procedure in case there is a data breach or a compromise of network security. This would include a basic awareness of what kinds of cyber-crimes there are, which data of the organization could potentially be compromised, how to contact law enforcement in such a scenario, etc.
- Choosing the right data center
If one’s organization has an online presence and holds a lot of sensitive customer data, or if it is an e-commerce platform, choosing the correct data center to store all that data can be a very important decision. There are several types of data centers, which offer different kinds of services, such as variations in data redundancy and backups, power backups, maximum downtime, etc. These data centers offer uptime ranging from 99.5% to 99.99%; while the decimal difference doesn’t look huge on paper, the actual difference between these ranges is usually in days. Complying with laws on data localization and cross-border data transfer also becomes an important factor when deciding on a data center. Therefore, the selection of a data center must be made after thorough market research and professional advice.
- Regular audits
Once the organization is big enough, it is just impossible to have any fault that could compromise the data held by the organization. In such scenarios, regular inspections and audits performed by professionals can be very helpful in identifying the potential threats and weak spots of an organization’s network and data arrays. This helps in risk management and becomes a factor in business planning as well.