RSM’s ‘Catch 22: Digital transformation and its impact on cybersecurity’ report clearly shows that organisations must do much more to protect themselves. Businesses should not wait for a breach to occur before investing. A breach is inevitable and choosing to react rather than protect could create untold damage to an organisation .
The main responsibility for cybersecurity lies with the CEO and change will happen if senior management step up, become aware of the dangers, and take charge. To combat the Catch-22, CEOs must match tech spend with cyber spend to effectively protect their company, invest in continual training for employees (a firm’s most vulnerable and capricious access point) and be honest when a breach has occurred. An industry shift around cyber risks, threats and breaches is needed and transparency is at its heart. Open discussion, best practice and fair regulation will drive better solutions and ultimately lead to a more protected world.
Here are RSM’s top tips to help make cybersecurity a priority.
RSM’s cybersecurity top tips
Make this a board level issue
- Consider all of your risks – data, people and third-party
- Review your policies and procedures
- Provide rolling education and training e.g. on the use of social media
- Read policies and procedures
- Keep up-to-date with education and training
- Be aware of unusual phone calls, e-mails or texts
- Verify contacts
- Accept all security updates to your PC/laptop as soon as possible
- Don't click on links – type in the URLs
Cyber risk management
- Report anything suspicious to IT immediately
- Be careful on social media
- Change your passwords regularly
- Have strong and different passwords for different accounts
- Be careful with portable media
- Check security certificates, especially for payment websites
What does best practice look like?
- Keep your firewalls, operating systems, virus engines up-to-date
- Password protect the Wi-Fi
- Consider data scrubbing
- Implement good IT general controls in depth
- Have a formal Incident Management plan for when the worst happens
- Consider compliance with Cyber Essentials Plus, or similar good practice
- Consider cyber insurance
- Check physical site controls
- Review controls against social engineering generally
- Conduct penetration testing