Cyber-attacks continue to be on the rise at an alarming rate and considerable costs. Thus, companies need to evaluate whether they are taking the right measures when it comes to cyber security. With more and more businesses embracing the use of the information technology, it is vital for an organization to observe relevant principles and guidelines to ensure tight security of their cyber space. This can help ensure that their data management is compliant and secure. Cyber security is needed to protect information, especially classified information. With this trending digital world, business is changing fast, companies are increasingly connected online and are managing vast amounts of information. Getting cyber security has never been more important, a company has to be buoyant and solid enough to address new challenges heads on. Therefore, maintaining a strong General Data Protection Regulation should be a focal point. Managing cyber attacks Cyber breaches can greatly pose serious damages on a company’s operations. Therefore, ensuring this kind of security is the vital investment for the company, and below are some of the steps that can be taken to ensure safety from cyber-attacks. First, have a team in place. A company ought to place a tech- team in place, this should consist of data protection experts who will identify the breach and help minimize the damage. This team should always be ready to promptly and efficiently deal with any kind of data breach. Second, revise risk management measures. In the occurrence of numerous cyber threats, it is important to always update the modes of interjection when it comes to dealing with risk assessment. Some of the favored risk management standards and frameworks which will be stated for the risk assessment are ISACA’s COBIT five, ISO 31000:2009, Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management-Integrated Framework, OCTAVE and many more. Third, protect IT Systems. Safeguarding these systems is critical for the protection of the company’s data and minimizing the damage that can be done. It is not right for any business to take the whole system offline or just removing the malware. Malware is just a symbol of associate degree attack, and you should isolate only the compromised segment of your network and then work on identifying the source of the breach. Since hackers typically use admin passwords, you need to change them the second you detect the breach. You should amend your access control list, which is typically an automatic method, since that’s the fastest method of effectively doing therefore. Fourth, strengthen End-point protection measures. Organizations ought to make sure that there’s adequate protection at points of entry through net and email access. End-point protection solutions ought to be capable of recognizing suspicious activity on end-user systems like uncommon ports and traffic patterns. Users with desktops, laptops, mobile handsets and personal digital assistants can be very lucrative targets for cyber attackers. Fifth, make regular penetration testing. For organizations that haven’t conducted penetration testing (internal and external), it may be time to consider this as one of the most effective ways to proactively identify technical Security vulnerabilities within the system that might potentially be exploited by associate degree attacker. Last but not least, notify authorities about the cyber-attack on your organization. This is essential because then you get access to advice on how to deal with certain data security breaches. Prioritizing cybersecurity is a matter that can’t be overstated. Apart from protecting the company’s trust in the eyes of its clients, it also lessens the extremity of expenses a business has to endure when dealing with cyber-attacks. The writer is an auditor, ICT Systems Audit at the National Bank of Rwanda. Jean de Dieu Uwimana, CISA, ISO 27001:2013 LA, CCNSP. uwimanajado@gmail.com
