search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
CYBERSECURITY CREATING A CYBERSECURITY RISK ASSESSMENT This should therefore be one of the first


items you address. You can split down actions into quick wins and long-term strategies. So, a quick win would be implementing a policy that states removable storage devices must be encrypted and/or password-protected. A long-term strategy could be implementing a cloud storage solution to allow your people to access their documents anytime, anywhere, and eliminate the need for USB sticks. Don’t forget about your remote


workforce – If your business has back-office staff, chances are a proportion of them will be working from home at the moment, presenting additional security risks. A study by IBM found that 53% of remote


Barry O’Donnell, chief operating officer at TSG, outlines how to deal with cybersecurity risks


M


ost businesses will complete regular risk assessments as standard practice. They’re crucial to reducing the threat of


financial or reputational loss and give you an overview of the high-risk areas you must address. One type of risk analysis that is critical but


sometimes overlooked is a cybersecurity risk assessment. In today’s digital-first world, it’s difficult to overstate the importance of analysing and addressing threats to your IT security. Making it a regular occurrence is also advised because cybercriminals are finding new holes in your defences every day. To address these threats, full and frequent


cybersecurity audits are necessary to review: • weaknesses in your business systems. • outdated hardware or software. • the security awareness of your employees. Here are the basic steps you need to take to


perform a cybersecurity risk assessment. Audit your hardware and business systems –


You can’t understand the risks associated with your technology if you don’t keep track of it in the first place. If departments in your business are making shadow IT purchases (implementing technology without sign-off from your IT team), it can quickly become unmanageable. Identifying and auditing your most important


and widely-used IT assets will help you understand which solutions make up the biggest percentage of your attack surface. For example, most of your employees will likely use your customer relationship management (CRM) software. If you haven’t tied down access rights, hackers could get in through a backdoor. Similarly, you can stop people from sharing customer information externally by limiting the number of people who can download large amounts of data. Keeping a rolling kit of your hardware will also


allow you to schedule your patching. Updating well-known security risks like unsupported


devices or operating systems (OS) should be a high priority. Address the most likely incidents –When


we think of strengthening our cybersecurity, it’s natural to focus on protecting your business from external threats like hackers. That’s important, but you also need to look at other common incidents and their risk. With GDPR in force, data security is a high


priority for most businesses. It’s important to note that business data can be compromised accidentally as well as deliberately. If removable storage devices like USB sticks are used, there’s a risk they could be lost or stolen. Equally, if cybercriminals are targeting your


business with phishing emails, consider the risk level of your people clicking on the malicious links and filling in their login details. You can reduce the likelihood of these threats reaching your employees in the first place by using powerful email filtering tools. Educating your workforce about the


cyberthreat landscape and how they can play a role in keeping your business secure is vital. You can do this by: • providing digital and in-person training


materials. • using a phishing simulation tool to test


existing staff knowledge. • outsourcing security training to a managed


IT support organisation. Identify the level of risk and prioritise


actions – A risk assessment isn’t finished once you’ve identified the most pertinent risks. Next, you need to understand how to address the risks you've identified. Let’s say you know a lot of your employees


take confidential information to on-site customer meetings using USB sticks. They travel via public transport and their storage devices aren’t encrypted. This means your vulnerability is high: items could be lost/stolen and accessed by a malicious third-party.


workers are working using their personal devices, while 61% say their employer hasn’t issued any guidance on securing those devices. Risks include: • Lower-grade security solutions on your


employees’ personal devices, leaving gaps for hackers • Hidden malware or bloatware which has


been unknowingly installed • Sensitive information accessible by non-


employees. You can mitigate these risks by providing


employees with laptops or enterprise-grade cloud storage solutions which add layers of protection to work files. Similarly, unsecured home WiFi networks present a risk to security. By installing a business virtual private network (VPN), you can encrypt employees’ connection to your network. In today’s information age, cybersecurity


risk assessments are an integral part of your business’ processes. Hackers are taking advantage of businesses and their homeworkers right now, meaning an increase in your attack surface. By carrying out a thorough risk assessment, you can identify the systems which need protecting most urgently. You can then create a comprehensive action plan which addresses the high-risk areas of your business first, before looking at securing every potential entry point for cybercriminals. Sources:


https://blogs.microsoft.com/on-the- issues/2020/09/29/microsoft-digital-defense-report -cyber-threats/ https://www.tsg.com/blog/windows- 10/it%E2%80%99s-time-break-windows-7 https://www.upguard.com/blog/cyber-security-risk- assessment#:~:text=A%20cyber%20security%20r isk%20assessment,cyber%20risk%20across%20 your%20organization.&text=As%20organizations %20rely%20more%20on,that%20didn't%20exist %20prior https://www.forbes.com/sites/daveywinder/2020/1 0/04/beware-this-dangerous-windows-7-upgrade- how-to-get-windows-10-for-free/#1f7b2324779f


TSG www.tsg.com


JULY/AUGUST 2021 | PROCESS & CONTROL 17


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74