Creating a Cybersecurity Risk Assessment

Barry O’Donnell, Chief Operating Officer at TSG, walks Top Business Tech through the importance of carrying out a thorough risk assessment, and how to identify the systems which need protection most urgently.

Most businesses will complete regular risk assessments as standard practice. They’re crucial to reducing the threat of financial or reputational loss and give you an overview of the high-risk areas you must address.

One type of risk analysis that is critical but sometimes overlooked is a cybersecurity risk assessment. In today’s digital-first world, it’s difficult to overstate the importance of analysing and addressing threats to your IT security. Making it a regular occurrence is also advised because cybercriminals are finding new holes in your defences every day.

To address these threats, full and frequent cybersecurity audits are necessary to review:

·       weaknesses in your business systems.

·       outdated hardware or software.

·       the security awareness of your employees.

Here are the basic steps you need to take to perform a cybersecurity risk assessment.

Audit your hardware and business systems

You can’t understand the risks associated with your technology if you don’t keep track of it in the first place. Maintaining a comprehensive record of all the technology in your business can sometimes be tricky. If departments in your business are making shadow IT purchases – implementing technology without sign-off from your IT team – it can quickly become unmanageable.

Identifying and auditing your most important and widely-used IT assets will help you understand which solutions make up the biggest percentage of your attack surface. For example, most of your employees will likely use your customer relationship management (CRM) software. If you haven’t tied down access rights, hackers could get in through a backdoor. Similarly, you can stop people from sharing customer information externally by limiting the number of people who can download large amounts of data.

Keeping a rolling kit of your hardware will also allow you to schedule your patching. Updating well-known security risks like unsupported devices or operating systems (OS) should be a high priority. Windows 7, which reached its end of life in January 2020, has been targeted with a password-stealing scam due to its vulnerabilities. This highlights how critical it is to patch software and hardware regularly.

Address the most likely incidents

When we think of strengthening our cybersecurity, it’s natural to focus on protecting your business from external threats like hackers. That’s important, but you also need to look at other common incidents and their risk.

With GDPR in force, data security is a high priority for most businesses. It’s important to note that business data can be compromised accidentally and deliberately. If your people use removable storage devices like USB sticks, there’s a risk they could be lost or stolen – like in the case of Heathrow Airport.

Equally, if cybercriminals are targeting your business with phishing emails, consider the risk level of your people clicking on the malicious links and filling in their login details. You can reduce the likelihood of these threats reaching your employees in the first place by using powerful email filtering tools. As hackers’ tools, like the highly evolved Ryuk ransomware, are continually becoming more sophisticated, you need to consider what will happen next.

Educating your workforce about the cyberthreat landscape and how they can play a role in keeping your business secure is vital. You can do this by:

·       providing digital and in-person training materials.

·       using a phishing simulation tool to test existing staff knowledge.

·       outsourcing security training to a managed IT support organisation.

Identify the level of risk and prioritise actions

A risk assessment isn’t finished once you’ve identified the most pertinent risks. Next, you need to understand how to address the risks you’ve identified.

Let’s say you know a lot of your employees take confidential information to on-site customer meetings using USB sticks. They travel via public transport and their storage devices aren’t encrypted. This means your vulnerability is high: there’s a high risk of those items being lost or stolen and accessed by a malicious third-party.

This should therefore be one of the first items you address. You can split down actions into quick wins and long-term strategies. So, a quick win would be implementing a policy that states removable storage devices must be encrypted and/or password-protected. A long-term strategy could be implementing a cloud storage solution to allow your people to access their documents anytime, anywhere, and eliminate the need for USB sticks.

Don’t forget about your remote workforce

If your business has back-office staff, chances are a proportion of them will be working from home at the moment. In fact, according to a survey by IESE Business School, SD Worx and CASS Business School 65% of all British employees switched to remote working during lockdown.

That presents additional risks to the security of your business.

A study by IBM found that 53% of remote workers are working using their personal devices, while 61% say their employer hasn’t issued any guidance on securing those devices. This presents a number of risks to your security, including:

·       Lower-grade security solutions on your employees’ personal devices, leaving gaps for hackers

·       Hidden malware or bloatware which has been unknowingly installed

·       Sensitive information accessible by non-employees.

You can easily mitigate these risks by providing employees with laptops or, if that’s not possible, enterprise-grade cloud storage solutions which add layers of protection to work files. Similarly, unsecured home WiFi networks present a risk to security. By installing a business virtual private network (VPN), you can encrypt employees’ connection to your network.

  READ MORE: 

In today’s information age, cybersecurity risk assessments are an integral part of your business’ processes. Hackers are taking advantage of businesses and their homeworkers right now, meaning an increase in your attack surface. By carrying out a thorough risk assessment, you can identify the systems which need protecting most urgently. You can then create a comprehensive action plan which addresses the high-risk areas of your business first, before looking at securing every potential entry point for cybercriminals.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Barry O'Donnell

Barry O'Donnell is the Chief Operating Officer at TSG, offering managed IT support in London, with expertise across a range of areas including Office 365, Dynamics 365, document management and business intelligence.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...