Cybercrime, an unpredictable risk to all businesses, is fast becoming rampant, since many businesses now have an online presence, largely as a result of the COVID-19 global pandemic. Some common cybercrimes include malware, keylogging, phishing, hacking and bank/e-commerce fraud, resulting in reputational damage or business interruption. In effect, cybercrime exempts no person or business. Here are some tips on how to reduce the risk of cybercrime and security breaches.
Steps to Mitigate Cyber Risk
- The first step is to identify critical data assets or potential cyber
- Establish policies and procedures to cover identified risk or review and
update existing policies and procedures regularly.
- Information management and security should be GDPR/NDPR compliant.
- Monitor compliance with policies and procedures, e.g. the company should have
access to data or staff activities online using digital tracking and productivity
tools like Time Doctor, My Workspace, etc.
- Have a reporting mechanism for cases where staff or any other person is suspected
of being in breach of cyber security policies and procedures.
- Regularly conduct awareness and training programs for staff on
cybercrime prevention, to help them understand the importance of cyber security and
the threats of cybercrime, as well as the consequences of failing to
comply with the company's cyber security policies.
- Technical measures against cybercrime, e.g. installing anti-virus software and
firewalls to secure the internet connection, controlling who has access to your
data and services, keeping devices and software up to date, URL filtering, secure
data backup, using encryption or pseudonymisation, using strong passwords, using
two-factor authentication (2FA), etc.
Other Control Measures
- securing a signed customer service and support policy or confidentiality
agreement from each member of staff.
- discouraging staff from sharing passwords with others and changing
- securely disposing of confidential documents.
- discouraging staff from reading confidential papers or
discussing sensitive matters with third parties.
Need for Corporate Governance
It is important for every Board and/or risk committee to develop cyber security guidance or a framework for effective and efficient business management against reputational damage, business interruption and regulatory breach. The Board must (i) have a full understanding of the company’s cyber risk for prioritized response, (ii) carry out risk assessment across all departments of the company and, if need be, seek external advice, (iii) plan for resilience and be clear on who is responsible for owning the risk, (iv) have direct and regular communication with the risk management officer(s), who are expected to have a good understanding of the company’s risk, to satisfy itself that the risk management procedures of the company are robust, and (v) be proactive in managing the company’s risk by periodically reviewing its risk policies and procedures to reflect emerging cyber-attacks.
For more on this, kindly send an email to email@example.com