The seven principles of an effective cybersecurity strategy
Cyber threats are an unrelenting adversary in the digital world, and the pressure has only increased as businesses expand their digital footprint and adopt new technologies. Aware of their growing attack surface, businesses have been putting more cybersecurity protections in place. And yet the better the defence, the more devious attackers' tactics become. It's a vicious cycle that has seen some of the biggest companies in the world fall victim to cyberattacks and data breaches.
Just look at scheduling platform FlexBooker, where more than 3.7 million people had their data breached in January of this year, including thousands of Bunnings customers. The compromised information included names, phone numbers, email addresses, passwords, and, in some cases, partial credit card information—all thrown around on a number of dark web forums.
Another example is the cyberattack in February that leaked up to 500,000 addresses from the NSW Government database. Premier Dominic Perrottet was forced to admit that the breach included addresses of defence sites, a missile maintenance unit, and domestic violence shelters.
These two examples highlight the need for strong cybersecurity policies for all organisations. Data breaches are clearly becoming more frequent, are often international in origin, and involve rapidly evolving approaches. Thus, it can be difficult for most businesses to mount an effective defence. That’s where it pays to have a cyber defence solution that taps into the wider global environment, keeping abreast of new and emerging threats.
Software vendors across the globe are responding by hardening their products, with a focus on closing the entry points attackers use in software systems. In October 2021, Google announced plans to enable two-factor authentication (which it calls 2-Step Verification) by default for Gmail users, a significant step towards a more secure cyber future for many.
As an ERP provider, Pronto Software is highly aware of the critical business data of thousands of users and businesses we manage, making complete data security a top priority. Having empowered countless ERP clients with greater confidence in the face of an uncertain cyber future, here are seven best-practice steps we recommend you take to strengthen your cybersecurity position.
- Ensure your cybersecurity strategy is multilayered
The first rule of an effective cybersecurity strategy is not to rely on a single defence. Instead, plan for multiple different attacks, breaches, and leaks. That way you’ll be better prepared for a broader range of cybersecurity scenarios.
According to Pronto Cloud General Manager Chris Dickinson, company-wide defence must span from top to bottom of the corporate hierarchy and every process within it.
“The key to strong security is putting up a united defence. You can’t rely on just one layer of security, or your threats will only have one hurdle to clear. Prevention, detection, and recovery measures must always be pursued in equal measure.”
- Consider your cloud infrastructure partner certifications and data centre rating
Knowing which tier a data centre facility meets should be a determining factor when choosing which one hosts your data. While tier 4 data centres are generally recommended for large-scale enterprises, most companies will find the robust defence they need in a tier 3 data centre. It offers everything tiers 1 and 2 do, and is also concurrently maintainable, so equipment can be maintained or replaced without a total shutdown. A tier 3 facility is designed for 99.982% availability, which means no more than about 1.6 hours of downtime annually.
A robust backup and hosting arrangement also requires careful consideration of the physical and logical layout of resources and equipment. This is where a data centre cloud provider manages the complete network, computing, security, physical and information architecture. In particular, look for a provider whose architecture guarantees segregation of customer environments, so that you are never exposed to another tenant's downtime or breaches.
The benefits of cloud providers aren't limited to network construction: they also work with technology partners to secure applications and apply software support patches. External auditing validates that a data centre maintains rigorous compliance standards for operations, security and reliability, while strong training provided to clients' staff ensures a stringent defence is maintained on both ends.
Pronto Cloud, for example, a division of Pronto Software, specialises in cloud applications and storage, platform services, and disaster recovery. It uses tier 4 data centres to leverage their cutting-edge security measures, offering unparalleled protection. These data centres, like Pronto Software, are ISO 27001 certified and, like Pronto Cloud, are ASAE 3402 attested.
- Implement two-factor authentication
Two-factor authentication (2FA) adds a second, independent proof of identity on top of the username and password. Microsoft has reported that accounts using multi-factor authentication are more than 99.9% less likely to be compromised by automated attacks.
While 2FA by itself isn't the most advanced line of defence (one-time codes delivered by SMS or an authenticator app can still be phished in real time, which is why phishing-resistant methods such as FIDO2 security keys are preferred for privileged accounts), it's an effortless extra layer that immediately blocks an attacker who holds only a stolen password. The goal for cybersecurity prevention is to keep it simple enough that it doesn't become onerous for end users within your company, so that they'll willingly comply.
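To make the "second factor" concrete, here is an added example (not code from the original article or from Pronto Software) of how the time-based one-time codes produced by authenticator apps work: a minimal HOTP (RFC 4226) and TOTP (RFC 6238) implementation in Python, plus a verifier that tolerates one 30-second step of clock skew and refuses a code that has already been accepted, so a captured code cannot be replayed. The function names are my own, and the secret is the RFC 6238 test vector, not a real key.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

# RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamically
# truncated to 31 bits and reduced to `digits` decimal digits.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)

# RFC 6238 TOTP: the HOTP counter is the number of `step`-second intervals
# elapsed since the Unix epoch (30 seconds by default).
def totp(secret: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    now = time.time() if at is None else at
    return hotp(secret, int(now) // step, digits)

def verify_totp(secret: bytes, code: str, at: Optional[float] = None, step: int = 30,
                digits: int = 6, window: int = 1, last_counter: int = -1) -> Tuple[bool, int]:
    """Return (accepted, counter_to_store).

    Accepts the code for the current step and `window` steps either side to
    absorb clock skew between server and phone. Comparison is constant-time.
    Any counter <= last_counter (the last counter this user successfully
    authenticated with) is refused, so a code captured by an attacker is
    useless once the legitimate user has consumed it.
    """
    now = time.time() if at is None else at
    current = int(now) // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return True, counter
    return False, last_counter

if __name__ == "__main__":
    # RFC 6238 Appendix B test secret (ASCII "12345678901234567890"); not a real key.
    secret = b"12345678901234567890"
    code = totp(secret, at=59)              # RFC vector: T=59 -> "287082"
    ok, stored = verify_totp(secret, code, at=59)
    replay, _ = verify_totp(secret, code, at=75, last_counter=stored)
    print("first use accepted:", ok, "replay accepted:", replay)
```

In a login flow the password check runs first, then `verify_totp` with the user's stored `last_counter`; on success, persist the returned counter. Note that this only guards against replay of the same code, not against a phishing site that relays a fresh code to the real service within the same step.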
- Upgrade unsupported software
Chances are there's software in use in your company that hasn't been updated recently, or is no longer supported by its vendor at all. While the systems may still be functioning well, this is a cybersecurity weak spot: unpatched, publicly known vulnerabilities are exactly what commodity malware and opportunistic attackers look for, and working exploits for them are widely available. Here's where patching, and replacing software that can no longer be patched, makes a world of difference to your cyber defence.
By upgrading software and the components it depends on, you address security vulnerabilities that accumulate after years of neglect. Keep an inventory of what you run and its support status, and proactively make these fixes rather than sliding into a complacency that leaves you exposed.
- Increase corporate security training and awareness
According to Pronto Software Corporate Risk and Compliance Manager David Jacklin, the unfortunate truth is that in general our employees can sometimes be our weakest cybersecurity link.
“Without the proper security training, each person can pose a leak to your tight container of data. This is where it pays to invest in developing good internal governance, auditing, and certifications to build an aware cybersecurity culture.”
Fortunately, there are several bite-sized security training programs out there (such as Ninjio) that use micro-learning videos to empower individuals and emphasise the gravity of certain attack scenarios.
The power of ongoing awareness and training is that it raises the bar for your business's overall security posture without requiring every employee to become a specialist. Constant education is what keeps your staff abreast of relevant threats as they evolve and arise.
- Work on cybersecurity with IT partners you can trust
Cybersecurity is an area in which you never want to take shortcuts. Hiring a dedicated internal team that covers the capabilities required can be extortionately expensive. Therefore, some companies fall into the trap of ‘skimping’ with just one individual employee working on cybersecurity.
The reality is that cybersecurity is a broad and complex realm that’s fast outgrowing the capability of most IT teams. It requires full-time focus, very particular skills, and heightened awareness of the latest attack methods. When it comes to bringing these capabilities in house—and all the different roles they require—it’s near impossible to do it in a cost-effective way.
Instead, ensure that your IT partners have strong cybersecurity embedded in their products and services, as well as skilled resources that go well beyond basic anti-virus software and treat very real risks as the very real threats they are.
- Implement a cybersecurity team
As previously mentioned, it’s cost prohibitive to employ your own cybersecurity IT team. Instead, strong top-down governance should facilitate the implementation of an appropriate strategy, working with specialised cybersecurity IT partners to support your IT department in protecting your business against the risk of cybersecurity threats.
It’s critical that the C-suite, board members, senior executives, risk and compliance, and HR department present a united understanding of the importance of a rigorous cyber defence, communicating its presence and purpose.
These seven points may not guarantee that your organisation won’t be affected by cybersecurity threats, but they’ll go a long way in protecting your key assets: people and data.
‘Log4j zero-day flaw: What you need to know and how to protect yourself’, ZDNet, 2021.
‘Cyber attack steals personal data of up to 80,000 SA public servants’, InDaily, 2021.
‘Google is about to turn on two-factor authentication by default for millions of users’, The Verge, 2021.
‘Cybersecurity: How to devise a winning strategy’, ZDNet, 2018.