The European Cyber Security Month is the EU’s annual awareness campaign on cybersecurity, which takes place across Europe every October.

The ECSM initiative aims at increasing awareness of cyber security challenges and encouraging cyber protection among people and organisations through informing and exchanging common practises. The European Cyber Security Month has been introduced by DG CONNECT of the European Commission along with the European Union Agency for Cybersecurity (ENISA) together with more than 300 collaborators throughout Europe.

Your Cyber Hygiene

Cyber hygiene is about training yourself to think proactively about your cyber security to withstand cyber threats and security issues online and making it part of your routine. Sadly cyber security is still not being treated as seriously as it should be in many cases. Many people take cyber security for granted, but as cyber attacks continue to evolve, this attitude needs to change.

You must ensure that you are always being thorough and accurate with your cyber hygiene. Using the right tools is important, for example; installing reputable antivirus software and malware protection, use network firewalls, update your software regularly, set strong passwords, use multi-factor authentication, use device encryption, backup files regularly and secure your router.

Network security

Securing a network includes a dynamic blend of hardware equipment such as routers, firewalls and automated anti-malware programmes. Government departments and businesses employ highly qualified cyber management experts to execute protection measures and track the success of such strategies on a daily basis. Make sure that your business is always able to respond to attacks within your network, which will allow for speedier recoveries, offline recoveries, more backups and business continuity.

Train staff in cybersecurity best practices

There is a common saying when it comes to cybersecurity – “you are only as secure as your least informed employee” – and it is true. What if your office’s unsuspecting employee uses weak passwords or falls for a phishing attempt – and their system gets compromised? The reason for training employees on cybersecurity is a straightforward one: if employees don’t know how to identify a threat to security, how can they be expected to stop, report or eliminate it?

That’s why making sure your team members realise how cyber criminals might manipulate them into exposing confidential, private details is important. A suspected phone call or email will be detected within no time. Train them on how to defend the organisation against threats of this nature. Using solid industry practices on safety strategies is a successful starting point.

The awareness of cyber security threats needs to begin on day one. Incorporate cybersecurity training into your onboarding processes, and ensure it addresses all of the most important topics. It can also help to integrate data privacy policies, guidelines and internet access into the employee handbook. Starting at the onboarding stage, you’ll be showing new recruits that the organisation cares about cybersecurity just as much as it cares about work duties and strategy. As a result, from their first week of work, they’ll realise the value of careful online behaviour.

Have a disaster recovery plan

When the company encounters a cyber attack in the future, a well-planned and successful disaster recovery plan (DRP) will clear the way for a rapid response. It should have a well-defined escalation route, and in the case of such an unfortunate occurrence, proactive communication should be prioritised. The steps put in place to deal with this should be easy to follow and be customised to meet the needs of your business. The typical elements in your disaster recovery plan should include the following:

Create a disaster recovery team: The team will be in charge of the production, implementation and maintenance of the DRP. A DRP should recognise the members of the team, describe the roles of each member and include the contact details. Also, the DRP should specify who to contact in the case of a catastrophe or emergency. All workers should be aware and understand about the DRP and their duty in the event of a disaster.

Identify the disaster risks: Your disaster recovery team should identify the organisation’s risks, and evaluate them. This move should include things related to natural disasters, emergencies man-made and incidents related to the technology. This will help the team define recovery plans and services needed to recover from disasters within a defined and appropriate timeline.

Determine the business’ documents, resources and critical applications: The organisation’s business processes must be evaluated to determine which are essential to the organisation’s operations. The plan should concentrate on short-term survivability, such as increasing cash flows and sales, rather than a long-term approach to restore the full operating capability of the company. The company must understand, however, that there are some procedures that should not ever be delayed.

Test and maintain the business’ disaster recovery plan: Disaster recovery planning is a continuous process, as disaster risks and emergencies are continuously evolving. It is recommended that the company regularly test the DRP to improve the suitability and appropriateness of the procedures listed in the plan. The recovery team should update the DRP periodically to fit changes in business processes, technology and changing disaster risks.

Your Business communications

Most businesses and organisations frequently ignore the need for a robust and secure communication platform. Despite 80% of workers actually using text for business purposes, making their staff use a secure communication platform on all work-related activities is necessary for businesses and organisations.

Ensure Buy-in From Key Stakeholders of the Business: The first step in achieving secure communication is to ensure all of the organisation’s stakeholders are on the same page and agree that cyber security is a significant issue you can’t continue to neglect. For example; The organisations’ Cybersecurity team, Board of directors, Business executive management (CEO, CFO, COO), support staff and incident response team. The organisation should develop communication policies based on a risk assessment conducted by their cyber security team. Such policies control who should view, use or obtain any form of material; as well as who may supervise disciplinary measures for infringement of such policies. For example; critical asset management, physical security, authentication and access control.

While the mobile workforce continues to grow, the use of a secure communications platform will allow an employee to share work-related information with his / her colleagues while minimising the threat of data theft. Consumer messaging applications are regularly used by employees to discuss important and confidential business matters. These applications are a source of cyber risk for organisations who have no control over these communications. The use of a secure enterprise communications platform can eliminate these risks to ensure that confidential conversations are being completed on a secure system such as Salt Communications. Salt Communications can provide organisations with full control of their communications from who gets access to the platform, how these users can use the system, how their data is retained and where the system is being hosted from. Ensuring complete privacy of your communications should be a key focus for organisations during European Cyber Month.

Keeping your business safe and protected from cyber attacks takes a lot of vigilance and a foolproof cybersecurity policy to develop. You can tackle these challenges effectively by combining best practises and professional advice.

For more information on this article, or to talk to a member of the Salt Communications team, please contact us on info@saltcommunications.com.

About Salt Communications

Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland, for more information visit our website.