How businesses can introduce and maintain a security culture
According to a recent survey conducted by Expert Security UK, almost a third of the UK public are not aware of the safety and security policies implemented by the company they work for.
In this context, recent news of the global Petya ransomware attacks from Ukraine and NHS ‘WannaCry’ cyber-attacks should come as no surprise. For businesses the consequences are clear: it is imperative they introduce a robust security culture and ensure their staff abide by it.
To help your business get on the right track, the team at Expert Security UK have compiled some pointers and spoken to business experts to establish the best ways business owners can encourage staff to embrace security and put in place robust processes to protect the company.
Be transparent with your team
Build trust and secure buy-in from your team by sharing your objectives and communicating clearly on the processes you are implementing to achieve them. This level of transparency is key to building trust, according to James Hall, creative director at HeX Productions:
“The way of ensuring that all staff abide by the security policy is making sure that they understand the importance of the procedures and how they protect the clients. With all websites we build, developers incorporate firewall and virus settings as well as making sure user policies are strict to ensure tight security. We also test and monitor these firewalls to ensure access is limited.
“Implementing procedures is simple. Ask your website developer or hosting company what kind of protection you’ve got. Disaster recovery is essential, just in case the worst does happen. We ensure that all websites we develop are backed up to three locations around the world. It’s also worth checking how many people have access to the development side.
“Businesses can improve security really easily and it’s about asking around if unsure. Don’t always go for the cheapest developer because they might not have as much security as those who charge a little bit more.”
Use the right tools for the job
Businesses should take steps to know what tools are available and best suited to enhance security and combat threats.
David Pinches, marketing director at Oak, recommends a “single sign-on” for users and system managers with varying levels of secure access.
“An important technical and cultural issue is to set up a ‘single sign-on’ environment where the access to all business applications is managed through the Microsoft Active Directory system. For example, our Oak intranet system used in companies of all sizes is often deployed as part of the overall Active Directory infrastructure and hence employees simply sign in to their network at the start of the day and do not need to sign in again, or other applications that have a similar capability. This reduces the risk around multiple sign-ins with many systems and with varying levels of secure user access. It provides a quick win for users and system managers alike.”
For Harshini Carey, regional director at Neupart, the key is to invest in a tool that provides you with ongoing control. He explains why it is important for business owners to have a clear overview of all the necessary processes:
“Information security management and data protection need to be part of any organisation’s foundation. But how do you incorporate the right processes? The key is overview.
“You need to have a clear overview of all your necessary processes: who’s involved in each process, and what stage they’re at. One of the best ways to do this is to carry out a gap analysis. Figure out where you stand in relation to security standards such as the GDPR, and which areas you need to improve in order to be fully compliant. It’s best that you don’t view this as an annual job to be carried out by an external consultant, but rather invest in a tool that allows you continual control and a better understanding of your organisation’s compliance.”
With high-profile cases of digital threats and your smartphone never far from your thoughts, it would be all too easy for businesses to neglect physical security. For Danny Scholfield, the Managing Director here at Expert Security UK, this should continue to be assessed and improved as part of a business’s plans to implement an effective security culture:
“As we go forward, it’s imperative that we’re using every possible method to our advantage. This means being open to new solutions (provided that they’re fully tested and operative, of course) and making sure there is a balance between physical and cyber security.
“For businesses, there are plenty of new solutions that are being designed to prevent security breaches – from bi-folding speed gates to crash-tested bollards. With advancing technologies and increasingly sophisticated techniques it’s crucial that businesses stay one step ahead.”