Analyzing a Company’ s View on Cybersecurity
The participants analyzed business operations to gain practical awareness of cybersecurity.
I work outside the company occasionally. How can hackers exploit open Wi-Fi for illegal activities? Typically, SMEs use personal cellphones instead of business phones. Does this impact security measures such as multi-factor authentication? What if I lose my cellphone? Who is the ultimate responsible person for a company’ s cybersecurity What should be the first step to improve security?
At the seminar, it was concluded that the advice for the firm could be: Hackers can use and do use open Wi-Fi to intercept data sent over such networks. They can also inject malicious software into your device. When you use a VPN( Virtual Private Network), your Internet data is encrypted, and your IP address is hidden. Investing in a new cellphone isn ' t just for tech enthusiasts. Usually, newer phones come with better security features, like hardware-based encryption and multi-factor authentication. Whether you use a personal or business phone, the important thing is to use the available security options and keep your phone safe. If your cellphone is stolen or lost, treat it as a data breach rather than just losing a device. A thief or someone who finds your phone might access the same information you can, especially if you haven ' t put proper protections in place. If the phone has Multi-Factor Authentication( MFA) installed, attempts to open it can be denied. The leaders of a company, including the board and managers, hold the ultimate responsibility for the company’ s cybersecurity. This means they can, in serious cases, be fired, fined, or even imprisoned if they neglect information security and cybersecurity. However, in practice, every employee is both individually and collectively responsible for protecting information and maintaining cybersecurity.
How to start with digital security depends on the company ' s current situation. The first step is to assess its current security maturity, identify any risks or vulnerabilities, and find solutions to fix them. This process is best conducted in a workshop with your management team, but if there is no team, contact a research project such as ISSUES for advice on developing systematic security procedures.
Questions about the company’ s level of maturity in digital security: What types of information do we manage? Is it open, internal, sensitive, or confidential? How valuable is it for our business and operations? What would be the consequences of a successful attack for the business? For employees? For customers? For our brand and reputation? What measures do we have in place to protect digital information? Are they enough? In case of an incident, whether it is an IT failure or an attack, do we have procedures and routines in place for detecting it, analyzing the cause, minimizing damage, limiting its spread, and restoring operations so we can continue with our business? What digital security skills do we have in the company, and which ones are we missing?