Can Cyber Attacks & Data Leaks be prevented?

ByDaily Parliament Times

Farooq Feroz
In recent years, Pakistani companies, government departments, and politicians have been subject to countless cyber-attacks and data leaks. Cyber-attacks are more common than we think, they are happening all the time. But have we ever wondered if these can be controlled or prevented? The risk of cyber-attacks can be mitigated but can never be fully eliminated. Having a cyber security program is something not very common in organizations in Pakistan but there can be severe effects if your organization ever faces a data breach. The majority of the small businesses who have suffered from data breaches will close down within two years, so this issue needs to be treated extremely seriously. By adhering to certain fundamental cybersecurity principles, many of the recent breaches and assaults might have been easily avoided. So, if you want to strengthen the security posture of your firm, these are the recommendations I can provide based on my expertise in this area. Make a security policy if your company doesn’t have one already. This document contains the rules that can help you keep your data secure. The security policy should have an overall approach to how you can maintain the three main pillars of information security, which are confidentiality, integrity, and availability. It usually explains what the security goals of your organisation are. It is considered a high-level document and does not explain very detailed procedures and rules. To have a detailed security document, we have something called standards, procedures, and guidelines. Here is an example, if you have a security policy which states that the “secret” data must be encrypted, then the standards document will explain what type of encryption to use while procedure document will explain how to encrypt that data, and the Guidelines documents are some optional instructions. One of the most important things to include in your policy is to have a proper assets management plan. Without knowing what your assets are, you cannot protect them. Having a security policy will indicate the importance of security within the organization and it must be endorsed by the top management. This document should also be written very clearly and should be concise. You should also make sure the policy is useable and enforceable with the security controls. The security policy should be evaluated as well, and any modifications made should be properly versioned and shared with the employees. Humans are considered the weakest link when it comes to information security, but they can be trained and made aware of the risks. To develop a good security awareness program you have to understand your organization and its structure very well and know the people, culture, and habits. Try to learn what are the objectives and goals of each department. Getting support from the top management can be a success factor to make your security training program effective. There should be ab allocated budget for the training program, rather than doing a more traditional way of training these days employers are trying new techniques such as gamification and phishing simulations. Another factor that can play a major role in this is to have more frequent communication with your employees. I was reading a research paper recently which proves that employers who train or communicate with their employees more frequently about information security result in a positive outcome and reduce the risks for the organization. Most organization these days will provide their newcomer employees with security training as part of their onboarding procedure. This is a very good practice to make sure that your new employees can be made aware of the “do’s” and “don’t” when they join your team. Majority of the people are not even aware that just clicking an email link or attachment can get your device hacked and can be in full control of the malicious person without you being knowing of it. You can train your employees to detect if the email they are opening is from a legitimate sender or not and DO NOT click on the link or attachment if the email is from an unknown source. Another factor that a lot of people neglect is the fact that they don’t upgrade their devices when a new OS software version becomes available. You must maintain your device up to date as soon as a patch or update is released for the operating system or the applications you are using, because the malevolent person is also aware that a fix has been made public, and he will attempt to exploit the vulnerability. Similarly, using strong complex passwords and use multifactor authentication (MFA) may reduce the risk of account hack. MFA is one of the strong ways to keep your accounts secure. While installing a new application, make sure that it is from an official source, because unauthorized application might track your phone activities and allow a malevolent person to hack into your device. So be very careful about what you install on your device. Furthermore, using messaging apps is common these days, If you want to communicate using messaging app make sure it’s using encryption for data transfer. However, a simple home remedy for this can be keeping your personal and business phones separate. For the security awareness training make sure that the content is of high quality and engaging. To make it more effective you can launch customized training for each department so they can relate it to their roles and responsibilities. Last but not least make sure that your program has measurable goals. The number of people taking part in your security awareness is considered a Key Performance Indicator, but you can have more creative ways to measure the effectiveness of your training program by observing the reduction in successful phishing attacks too. There are a lot more methods to make your company more secure, but they all must begin with establishing a strong security policy and a well-designed security awareness program. The writer is Cyber Security Expert based in Beijing, China.

Similar Posts

Pandemonium over accountability

Pandemonium over accountability

ByParliament Times

By Abdul Rahman Malik, Accountability in Pakistan has always remained an Uphill task given the weak structure of the State institutions. The Corrupt practices are rampant and flow like blood vessels in the society. When it comes for accountability, it creates mayhem in the power circles i.e the Political, bureaucratic systems that pose strong resistance…

India- China Standoff: how can Pakistan cash this opportunity?

India- China Standoff: how can Pakistan cash this opportunity?

ByParliament Times

Abdul Manan “When life gives you lemons, make lemonade”, is a proverb about how to get benefit from tough time by struggle, clear vision, and dedication. Pakistan is going to gain same opportunity after India-China lock horns in Ladakh. The recent Indian aggression against China, Nepal and Pakistan at the same time has provided a…

Canada is one of the worst countries when it comes to White Supremacy

Canada is one of the worst countries when it comes to White Supremacy

ByParliament Times

Syed Tahir Rashdi As human rights advocates continue to try and show how Canada is just as racist. Some data from a new report has shed additional light on the issue. Researchers from the U.K.-based Institute for Strategic Dialogue was commissioned to investigate the prevalence of white supremacy in Canada — a nation that many…

Rise in Interest Rates and its Implications

Rise in Interest Rates and its Implications

ByDaily Parliament Times

Dr. Atiq ur Rehman On November 25, the State Bank of Pakistan’s Monetary Policy Committee further increased the policy rate by one percentage point and said in a statement that the hike was aimed at controlling rising inflation. The logic behind the efforts to reduce inflation by increasing the interest rate is that the increase…