How to protect your organization against cyber-attacks
In the lead up to Cyber Security Month, we outline some of the key actions librarians and publishers can take now to help protect against cyber-attacks
Education and research organizations are a prime target for cyber-attacks because of the valuable data they hold. The UK’s Cyber Security Breaches Survey reported 86% of further education colleges and a staggering 97% of higher education institutions identified a breach or attack in the past year. Cybersecurity also ranked no.1 in the EDUCAUSE list of issues facing US colleges and universities.
Most UK education institutions already have more established cybersecurity policies and technical controls in place than the average UK business. So what is the answer to preventing further security incidents?
It’s tempting for organizations to invest more money in technology solutions based on known risks, but will that alone deliver the robustness organizations need?
Partly, but not entirely. Organizations do not have a bottomless pit of money, and in any case most security risks stem from poor strategy or from staff being unaware of security processes.
Security is everyone’s job
Cyber criminals look for gaps in your armor, and they only need a small chink to get in. Staff bypass security because they are unaware of your organizational processes or, worse still, because they have to find workarounds when your security controls do not support their needs. The same applies to end users who cannot get access to a resource they are subscribed to.
Leaving your IT security team with the sole responsibility of managing your organization’s security is not going to work. It takes a holistic approach to managing security risks and a fundamental change in your organization’s culture.
What you can do to protect your organization against cyber-attacks
Here are three things you can work on now to make your organization more secure:
1. Review and update your strategy and processes
Security, privacy and accessibility by design need to be at the heart of your organizational strategy and processes. Work with your IT security team to get a better understanding of your role in business continuity planning.
Take the time to review and update your ISO 9001 quality standards and processes, because security issues can also be quality issues, and improving quality improves your business too.
Strong identity and access management is one of the 10 steps to cyber security and an essential part of keeping your organization safe and secure. Make it easy for your staff and end users to access services so they do not resort to insecure workarounds. If you already support a federated access solution, ensure access control is appropriate for the people subscribed to a resource or service. And for additional security, turn on 2-step verification for all your services.
2. Make yourself less vulnerable. Invest in secure technology, infrastructure and services
Most of us have heard the high-profile story of the British Library’s ransomware attack. Hackers were able to gain access through more than one entry point in the library’s complex technology estate of mainly legacy systems.
Undertake an audit of your technology, infrastructure and services and update or replace any that do not comply with the latest security standards such as ISO 27001 and Cyber Essentials. Supply chain security is one of the weaker areas identified in the UK’s Cyber Security Breaches Survey. Ensure procurement for third-party suppliers includes quality, security and data protection compliance checks.
As part of your audit, take a close look at your organization’s risk assessment and ask your IT security team about vulnerability management and pen-testing of any systems you manage.
3. Prioritize cybersecurity awareness and training
Social engineering techniques such as phishing and impersonation are among the main causes of security and data breaches.
Reduce your security risk by raising awareness about your organizational processes with staff and end users. Brief them on a few practical things they can do to protect their data and systems against cyber-attacks, such as:
- Raising staff awareness of your organization’s incident response processes
- Keeping software and devices updated
- Using strong passwords and a password manager
- Turning on multi-factor authentication
- Knowing how to recognize and report phishing
Doing security well can help keep your organization’s and end users' data private, safe and secure. The emphasis is on prevention, which costs your budget and reputation far less than experiencing a breach or attack would.
Working as one organization with your IT security team and end users can help reduce the threat of cybercrime.
Register for our cybersecurity webinar 'Their risk is our risk: Conversations with your information security folks', Wednesday 30 October 2024.
Gen up on your cybersecurity knowledge
Explore our collection of educational resources designed to empower you with the knowledge and tools to safeguard yourself and your organization from cyberthreats. Defend as one and help build a safer, more secure digital future.