Designing a cybersecurity strategy for your business

Aurorah Cheney, Senior Manager, Enterprise Security, BT

Businesses are always under pressure. The need to constantly evolve – and to digitally transform – is the hot topic for many at the moment. And though the digital world brings many benefits, it also comes with risks. Cybercrime is evolving too. Let’s take a look – and help you plan for your cyber-secure future.

In our November 2019 survey, nearly two-thirds (64%) of businesses said they were either “not at all concerned” or only “moderately concerned” about a cyber breach. And that’s worrying.

What comes to mind when you think of a cyber breach? A hacker, sitting alone in their dark bedroom, numbers and lights flashing on screen as they smash your digital defences down? While some cybercrime may loosely take this form, the reality is that cybercrime can be far more wide-ranging.  Cyber criminals are increasingly using AI and machine learning. They are cleverly targeting employees and they can capitalise on a number of weaknesses in your network. So what can be done to tackle this? 

Effective cybersecurity strategies go much further than passwords and two-step authentication. They need to be woven into the culture of a business. And they should seamlessly align with the wider commercial strategy.

To make an action plan that really works, everybody in the business needs to be on board. They should fully understand that cybercrime needs to be taken seriously. With the introduction of General Data Protection Regulation (GDPR) in March 2018 – and the hefty fines that can be handed out for non-compliance – not only could a company’s reputation be damaged, but the monetary cost could be huge.

It’s cheaper and easier to put the time and effort in now than it would be to clean up a data breach mess later. Let’s put some plans in place.

Developing your cybersecurity strategy

Start with the basics.

  • Create a cybersecurity strategy framework that suits your business. Identify any risks – and prioritise each one accordingly. Cyber breaches can happen at any time, to anyone. So be prepared.

  • Be clear with all staff members on their digital responsibilities. It’s essential to roll out cybersecurity training programmes to ensure your employees know how to keep your business safe.

  • Keep a good inventory of all your digital platforms and tech. Make sure they’re patched and updated often to keep them in good working order. You can do this by having regular audits to check everything is running smoothly.

By creating a security strategy around these key points, you’ll reduce your chances of being maliciously attacked. Let’s take a look at the steps in more detail.

Identify and prioritise

Cyberattacks are everywhere, for businesses and consumers alike. But there are a few ways to tackle the attack.

  • Depending on how you define your network, managed firewalls are one way to protect your ever-growing network. If remote workers need access to on-premises business resources, then a remote access function of a firewall becomes valuable.
  • Malware protection boosts your defences against malicious software that can be used to infiltrate your devices.
  • A backup service can support rapid recovery if you have been attacked.

While some threats apply to all businesses, it’s important to fully understand which specific threats are the biggest risk to you. Chat with your key stakeholders, get a clear picture of each type of breach, and what it could spell for your business. How likely is a particular breach? What impact would it have on the business?

One impact could be huge – but very unlikely to happen. Another could be lower impact but is more likely to hit your business. Prioritise these risks and map out the measures needed to handle them.

Be clear on responsibilities and training needs

Remember the days when any kind of cybersecurity question would be met with: “Ask the IT team. That’s their domain”? Things have changed. As workplaces evolve, so do cyber-attacks. Cybersecurity isn’t just for the security team to worry about anymore. It’s vital that everyone understands the role they play in safeguarding the company. But it’s also down to leadership. You need to make sure your cybersecurity strategy addresses any skills or knowledge gaps in your team. And once those conversations are flowing, make sure your security policies are explained. Things like secure file-sharing and regular password updates are important and, once explained, will help stop data breaches.

Carry out regular audits

Having a cybersecurity strategy is only the start. Once it’s in place, it needs to be constantly reviewed to stay ahead of the cyber criminals.

And it’s not just your strategy you need to think about. Just because your cybersecurity is solid, who’s to say that your suppliers and partners have the same high standards? As of 2020, only 15% of businesses in the UK had ever checked out the cybersecurity risks presented by their suppliers. And if their cybersecurity is bad, that could put your business at risk. 

How to future-proof your cybersecurity strategy

A lot of time, effort, money and expertise goes into developing a cybersecurity strategy. So, it needs to stand the test of time. When making your plan, always think towards the future.

Stay abreast of emerging cyber threats

Cybercriminals are notoriously adaptable. Once a scam’s run its course, it’s not long before a new one is concocted. The Government’s Cybersecurity Breaches 2020 Survey found the number of businesses encountering phishing attacks had increased from 72% in 2017 to 86% in 2020. With this increase in phishing also comes an increase in successful ransomware attacks, driving a need for strong antivirus and endpoint protection. It goes to show that the picture is ever-changing, and businesses must be fully up to speed.

Pressure test your strategy

Hopefully your cybersecurity strategy will be so robust, you’ll never need to report a breach. But you won’t know until it’s put to the test.

Consider employing an ethical hacker to simulate a phishing attack. How will your employees handle it? Could they identify a sophisticated scam as they go about their work? “Real-world training” of this nature can identify skills gaps and help to set a longer-term training agenda.

Build and maintain a Cybersecurity Maturity Matrix

As the tech world evolves and work dynamics follow, it’s easy for your strategy to become outdated. Having a Cybersecurity Maturity Matrix that you update regularly – perhaps even quarterly – allows you to see how you’re progressing over a longer period.

The matrix should include things like:

  • How advanced, up-to-date and secure your tech stack is
  • How robust your password processes are
  • Where your employees sit on the cybersecurity knowledge scale
  • Emerging risks - e.g. has there been a big churn in staff leaving and arriving?

When piecing together a Cybersecurity Maturity Model, you need to have a clear view of what good looks like. Which is why regular contact with key stakeholders is crucial. The Cybersecurity Breaches 2020 Survey suggested that board members have been more engaged with cyber defence strategies in the past five years. This can only be a good thing, as companies continue to weave cybersecurity into the fabric of their organisation.

Now, what can we do to help you? Come have a chat with our cybersecurity experts – and change your cyber future forever. 
