Powered by MOMENTUM MEDIA
Companies face an increasingly sophisticated risk environment, and cyber resilience requires an increasingly sophisticated and whole-of-company approach to managing those risks, writes Craig Subocz.
The growing prevalence of and increasing public awareness about cyber incidents focus attention on data breaches and how companies deal with them. Taking steps to prevent and deal with data breaches may reduce the adverse effect of a data breach and mitigate the potential lost reputation that a data breach can cause.
Staff are often targeted by malicious emails that purport to come from legitimate contacts and which ask for sensitive and/or confidential information or which exposes the company’s IT environment to possible malicious software by having the staff member inadvertently downloading the software to attack the IT environment.
Training staff on how to recognise these phishing emails will assist the company protect the personal information it holds. New employees should be inducted on the procedures and processes deployed to protect the integrity of the company’s IT environments.
Where the company deals with sensitive information to which access should be restricted, steps should be taken to ensure to limit access to only those employees with the requisite authorisation to access the sensitive information.
Ensuring that the company’s IT environment is protected against vulnerabilities is essential to maximising cyber resilience. This includes ensuring that the IT environment is kept up to date with relevant vulnerability patches.
Companies face an increasingly sophisticated risk environment, and cyber resilience requires an increasingly sophisticated and whole-of-company approach to managing those risks.
Craig Subocz is a senior associate at Piper Alderman.