Michael Armer, CISO at RingCentral
Research shows that in 2023, one in five UK organisations experienced a data breach accident once a month. A further one in ten said they had experienced a data breach at least once a week. As cybercriminals become more sophisticated with their attack approaches, businesses need to ensure the right protections are in place, and closely inspect current infrastructure and practices, to encourage organisation-wide resilience.
Implementing the best security practices means businesses and their customers do not have to worry about their cybersecurity, which builds trust and creates greater efficiencies across the board. Staying ahead of cybersecurity measures requires a real team effort from all levels of the business; employees as well as customers should always feel empowered to apply cybersecurity initiatives to their everyday life.
As businesses review their existing cybersecurity efforts to date, I believe there are several key areas that they should inspect to ensure they are operating in a fully secure environment.
Scrutinise how security is handled
As technology continues to evolve, cybersecurity protection can quickly become outdated. Making updates manually can be time-consuming and inefficient, as well as potentially exposing company data to the risk of human error. So how can businesses tackle this?
One solution is choosing platforms that manage their own security. This means that the security measures are consistently updated, in line with business needs and sector regulation. For example, if businesses are using UCaaS (Unified Communications as a Service) platforms across their organisation, they should ensure the platform has an end-to-end encryption feature, which will keep all internal assets confidential and secure.
With embedded protections, businesses can be confident in their cybersecurity posture, whilst creating greater efficiencies internally.
Build transparency and foster open communication
The key to earning customer trust is being open and transparent, and communicating clearly if a security breach does occur. Customers have a right to understand how businesses handle data and personal information. Explaining security measures to customers will foster trust within the relationship. Within these conversations, you can also empower them to apply their own cybersecurity initiatives to their daily lives, potentially saving them (and businesses) from future breaches.
A robust security policy extends far beyond data protection and incident response – it encompasses customers, investors, regulators and employees. Policies and initiatives, like security awareness training and ongoing compliance with industry regulations, can mean the difference between being seen as a necessary evil and being seen as a trusted partner. Therefore, it’s imperative to include security and trust as driving principles from the get-go.
Demonstrate the company’s commitment to security
To prevent security breaches, businesses should look to maturity models, which provide invaluable guidance. These can help mitigate risk throughout the entire organisation and vendor ecosystem. With the rise of remote and hybrid working practices, this can be a complex task to undertake across a dispersed workforce. Therefore, it is vital that businesses implement these frameworks to help security and risk managers effectively combat threats.
These frameworks can also illuminate any areas for improvement in security protocols. They do this by providing benchmarks against industry averages to help measure a company’s progress in embedding security standards across day-to-day and strategic operations. By understanding where the business is and where the business needs to be, security leaders can effectively determine the appropriate security strategy moving forward.
Adopting a shared responsibility model
Today, businesses are under even more pressure to act quickly and effectively when attacks or breaches take place. Adopting a shared responsibility model can help to secure businesses by ensuring that information security policies and practices are up to date and comprehensive across the entire business, so that nothing falls through the cracks.
Clearly defined roles and responsibilities ensure that everyone at a company is equipped and able to counter threats. By adopting this model, businesses can better scrutinise cybersecurity objectives and practices, helping to raise cyber awareness across all departments.
Additionally, a shared responsibility model allows for regular enterprise risk reviews that ensure all departments are identifying critical security risks in their respective areas. Without this support, security leaders will struggle to identify threats and will be slow to act to mitigate them.
As businesses map out their 2024 priorities, security should be top of the agenda. As innovation increases and more companies look at evolving the technology they use, they can become more susceptible to cybercriminals. Investment now will pay off in the future and ensure peace of mind for businesses and their customers.