Ransomware defence, employee awareness training and encrypted backup of mission-critical data are the ‘critical trio’ of areas that the National Standards Authority of Ireland (NSAI) is urging firms to address during European Cybersecurity Month.
Denis Ryan, who has global responsibility for information security management certification systems with NSAI and is a certified Lead Auditor, believes that businesses must become cyber-resilient. He said: “Firms often get caught out by threats they didn’t know existed – the unknown unknowns – so it’s important to stay informed and keep upskilling your IT team so it has the capabilities to cope with whatever threats arise. Regardless of the size of your business or the sector in which you operate, cybersecurity needs to be a priority.”
Ryan was speaking at the launch of NSAI’s free webinar series for organisations interested in certification to information security management systems. The new series, featuring Ryan and other subject matter experts, is called ‘Let’s talk about information security’ and the webinars take place on October 24th, November 1st, November 30th and December 6th.
Ryan recommends that firms look at implementing best practice, so they can evolve as needed to face down emerging threats: “For those unsure of where to start, the critical trio of areas to address are ransomware defence, employee awareness training (especially for non-IT staff) and encrypted backup of mission-critical data, as you can revert to this if you have a breach.”
He added: “Continuous awareness training is vital so that all employees understand that everyone has a role to play by being able to recognise phishing attempts and following security protocols. It’s also important to factor in cybersecurity to your change management protocol, for example. How will new tools or processes affect privacy, record control and other aspects of cyber-resilience for your business?”
Other areas to prioritise, according to Ryan, include vulnerability scanning, patching, having good authentication and password management, and being able to offer incident response plans, meaning that if something untoward happens, the firm has a plan for handling it.
He said: “For Irish businesses, being smart about cybersecurity pays dividends on multiple fronts. First, when your cybersecurity is up to date, you prevent the financial loss that comes with any breach. Cybersecurity issues such as data theft or service disruption regularly cause companies to incur significant financial losses.”
He added: “It’s a good time to plan ahead and think strategically, as the European Union will be introducing multiple new cybersecurity directives as it focuses on a new cybersecurity certification framework.”
NSAI’s ‘Let’s talk about information security’ webinars are free to attend and bookings can be made at www.nsai.ie/27001.