Cybercrime, an unpredictable risk to all business is fast becoming rampant seeing that a lot of business now have online presence largely as a result of the COVID -19 global pandemic. Some common cybercrimes include malware, keylogging, phishing, hacking, bank/e-commerce fraud resulting in reputational damage or business interruption. In effect Cybercrime is no exempt of persons or businesses. Here are some tips on how to reduce the risk of cybercrime and security breaches.
Step to Mitigate Cyber Risk
- The first step is to identify critical data assets or potential cyber risk.
- Establish policies and procedures to cover identified risk or review and update existing policies and procedures regularly.
- Information management and security should be GDPR/NDPR compliant.
- Monitor compliance with policies and procedures e.g. company should have access to data or staff activities online using tracking and productivity digital tools like Time Doctor, My Workspace etc
- Have a report mechanism where staff or any person is suspected to be in breach of cyber security policies and procedures.
- Regularly conduct awareness and training programs for staff against cybercrime prevention to help understand the importance of cyber security or threats of cybercrime as well as understanding the consequences of failing to comply with cyber security policies of the company.
Undertake technical measures against cybercrime e.g. installing anti-virus software, firewalls to secure internet connection, controlling who has access to your data and services, keeping devices and software up to date, URL filtering, secure data backup, using encryption or pseudonymisation, using strong passwords, using a two-factor authentication (2FA) etc
Other Control Measures
- securing a signed customer service and support policy or confidentiality agreement from each member of staff.
- discouraging staff from sharing passwords with others and changing passwords regularly
- securely disposing off confidential documents.
- discouraging staff from reading confidential papers or discussing sensitive matters to third parties.
Need for Corporate Governance
It is important for every Board and or risk committee to develop a cyber security guidance or framework for effective and efficient business management against reputational damage, business interruption and regulatory breach. The Board must (i) have a full understanding of the company’s cyber risk for prioritized response, (ii)carry out risk assessment across all departments of the company and if need be seek external advise, (iii) plan for resilience and be clear on who is responsible for owning the risk, (iv)have direct and regular communication with the risk management officer(s) expected to have a good understanding of company’s risk to satisfy itself that the risk management procedures of the company are robust (v) be proactive in managing company’s risk by periodically reviewing its risks policies and procedures to reflect emerging cyber-attacks.
For more on this, kindly send an email to email@example.com