Information security, time to take action!
You don’t put a medieval lock on the front door of your house. You don’t write down the PIN code of your credit card on a post-it note. And you don’t leave your car with open doors in a public garage. “What is he talking about? Of course I don’t do that!” I hear you think. Well, as obvious as these examples may sound, when we look at information security, you’d be surprised how many medieval locks and open doors we find.
I was in a meeting with a major B2B insurance company. They mentioned that on average 20% of their clients report a cybersecurity incident. That is a staggering figure! It means that we all need to step up and address optimised data security. Another client confided in me that they still use simple passwords that never need to be updated. And I am absolutely convinced that we’ll find passwords like ‘admin1234’.
Take a guess: how long does it take a cybercriminal to crack such a password with brute force? Maybe a few days? Nope, think again. One hour. That’s 60 minutes and he’s in. After 60 minutes your data is compromised. The most recent models [1] even reduce the estimated needed time to two minutes. Spooky, right?
Sure I use my birthday as a password! I will never forget that, you see. And who knows my birthday? Next to nobody ... so I’m good.
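To make the brute-force argument concrete, here is an added example (not part of the original post, and not Craftzing's tooling) that estimates how long a password like ‘admin1234’ or a birthday survives an offline guessing attack and flags the habits described above. The guess rate, the short list of common passwords and the 12-character / 60-bit thresholds are assumptions chosen for illustration; real deployments would use a full breached-password list and a policy of their own.

```python
import math
import re
import string

# Constructed stand-in for a real breached-password list (assumption).
COMMON_PASSWORDS = {"admin1234", "password", "123456", "welcome1", "qwerty"}

# Assumed offline guess rate for a GPU rig against a fast, unsalted hash (assumption).
ASSUMED_GUESSES_PER_SECOND = 1e10

# Day-month-year and year-month-day shapes with optional separators, e.g. 14081985 or 1985-08-14.
DATE_PATTERNS = [
    re.compile(r"^(0?[1-9]|[12]\d|3[01])[-/.]?(0?[1-9]|1[0-2])[-/.]?(19|20)?\d{2}$"),
    re.compile(r"^(19|20)\d{2}[-/.]?(0?[1-9]|1[0-2])[-/.]?(0?[1-9]|[12]\d|3[01])$"),
]


def charset_size(password):
    """Size of the smallest character class mix an attacker has to try."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    if any(ord(c) > 126 or c == " " for c in password):
        size += 1  # treat space/non-ASCII as one extra class (simplification)
    return size


def entropy_bits(password):
    """Brute-force entropy: length * log2(charset). Ignores dictionary structure."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def crack_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to hit the password: half the keyspace divided by the guess rate."""
    if not password:
        return 0.0
    return (charset_size(password) ** len(password)) / 2 / rate


def looks_like_date(password):
    """True when the password is just a date, e.g. a birthday."""
    return any(p.match(password) for p in DATE_PATTERNS)


def assess(password):
    """Return a verdict dict: weak is True when any hygiene rule fires."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("appears in a common/breached password list")
    if looks_like_date(password):
        reasons.append("looks like a date (birthday)")
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    bits = entropy_bits(password)
    if bits < 60:
        reasons.append(f"only {bits:.0f} bits of brute-force entropy")
    return {
        "password": password,
        "bits": round(bits, 1),
        "crack_seconds": crack_seconds(password),
        "weak": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    for candidate in ("admin1234", "14081985", "correct-horse-battery-staple-2024!"):
        verdict = assess(candidate)
        hours = verdict["crack_seconds"] / 3600
        print(f"{candidate!r}: weak={verdict['weak']} bits={verdict['bits']} ~{hours:.2g} h")
        for reason in verdict["reasons"]:
            print("   -", reason)
```

Under the assumed guess rate, nine lowercase-plus-digit characters fall in roughly an hour and a half, while a long passphrase with mixed classes is out of reach; the list check matters because a dictionary attack ignores entropy entirely.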
The example above focuses on passwords, but passwords are just one part of a wider array of easy actions an organization can take to increase cyber resilience. The American National Institute of Standards and Technology defines cyber resilience as [2]: “The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” This resilience is not only based on technological measures but equally so - or even more so - on behavioural changes. People are often a weak link in the protective chains around your data. It’s hard to break bad habits, but it is very important to do so. Think about the birthday password... By continuously working on best practices in your organization, you can reduce the risk of being the victim of cyber crime like phishing, hacking, spoofing, malware or ransomware.
Earning the trust of your data subjects includes making sure that their data are kept safe within your organization. Data breaches are bad news for both you and your data subjects: bad publicity, angry data subjects, fines or even an inspection from the authorities... Don’t end up like one of the many companies [3] that fall victim to data breaches; take action. As part of an effective compliance strategy, stringent information security is essential. Just five minutes of lowered vigilance are enough.
In 2022 the HR department of a client I worked for received an email from one of its directors. The email mentioned a new bank account and the demand to pay the upcoming salary to the new account. As the payment of salaries was being finalised at that time, the HR employee forwarded the email to a colleague. Sure, the words used in the email were a bit strange and also the email address was unknown. But if they acted quickly, they could still make the payment to the new bank account! And so it happened...
There were strange words, an unknown sender and a bizarre signature. Why did we not recognize this obvious phishing attempt?
Best intentions and a decision that needed to be made quickly formed the basis for a salary that was paid out to a cyber criminal. In this case money was lost, but no external damage was done. All in all it was still a minor incident. But it's a good example of how easily cyber fraud can enter an organization.
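The signals that were missed in the story above (unknown sender address, a director's name on a mailbox outside the company, a bank-account change, time pressure) can be turned into a simple triage rule for a mailbox or ticketing workflow. The following is an added example and not the client's or Craftzing's code; the corporate domain, the executive directory and the two sample emails are constructed for illustration. The rule never decides on its own: any request to change payment details is routed to out-of-band verification (a call to a number already on file), whatever the sender looks like.

```python
import re
from email.utils import parseaddr

# Assumed corporate domain(s) and a constructed executive directory (display name -> mailbox).
ORG_DOMAINS = {"example.com"}
DIRECTORY = {"Jane Director": "jane.director@example.com"}

BANK_CHANGE_TERMS = re.compile(
    r"\b(new (bank )?account|iban|change (my )?(bank|payment) details|update (my )?banking)\b",
    re.IGNORECASE,
)
URGENCY_TERMS = re.compile(
    r"\b(urgent|asap|immediately|today|right away|before (the )?payroll)\b",
    re.IGNORECASE,
)


def sender_parts(from_header):
    """Split 'Name <addr>' into (display name, address, domain), all lower-cased except the name."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip(), addr.lower(), domain


def analyse(message):
    """Return the list of red flags raised by one message dict (from/subject/body/reply-to)."""
    name, addr, domain = sender_parts(message.get("from", ""))
    flags = []
    if domain not in ORG_DOMAINS:
        flags.append("sender address is outside the corporate domains")
    expected = DIRECTORY.get(name)
    if expected and expected.lower() != addr:
        flags.append("display name matches an executive but the mailbox does not")
    reply_to = message.get("reply-to")
    if reply_to and sender_parts(reply_to)[1] != addr:
        flags.append("reply-to differs from the sender address")
    text = message.get("subject", "") + "\n" + message.get("body", "")
    if BANK_CHANGE_TERMS.search(text):
        flags.append("requests a change of bank or payment details")
    if URGENCY_TERMS.search(text):
        flags.append("pressures for a quick decision")
    return flags


def needs_out_of_band_verification(message):
    """Payment-detail changes are always verified by callback; other mail only if spoofing flags fire."""
    flags = analyse(message)
    if "requests a change of bank or payment details" in flags:
        return True
    return any(f.startswith(("sender address", "display name", "reply-to")) for f in flags)


# Constructed sample messages (not real traffic).
SAMPLES = [
    {
        "id": "spoofed-payroll",
        "from": "Jane Director <jane.director@example.net>",
        "subject": "Salary payment - urgent",
        "body": "Kindly pay my salary of this month to my new bank account. "
                "IBAN will follow. Please do it today, before payroll closes.",
    },
    {
        "id": "genuine-agenda",
        "from": "Jane Director <jane.director@example.com>",
        "subject": "Agenda for Monday",
        "body": "Attached is the agenda for the management meeting. See you then.",
    },
]


def triage(messages=SAMPLES):
    """Map message id -> (verify out of band?, flags) for a batch of messages."""
    return {m["id"]: (needs_out_of_band_verification(m), analyse(m)) for m in messages}


if __name__ == "__main__":
    for msg_id, (verify, flags) in triage().items():
        print(f"{msg_id}: verify={verify}")
        for flag in flags:
            print("   -", flag)
```

The rule is deliberately coarse: it exists to stop a payment being made on the strength of an email alone, not to replace mail-gateway filtering. The callback to a number that HR already holds is the control that would have caught the case described.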
Increase your cyber resilience
Don’t wait to join the list of companies that learn the hard way before taking action. As a New Year's resolution for 2024, work on your increased cyber resilience. No, it’s not expensive. No, it’s not complex. No, it’s not only for large companies. Everybody is a potential victim! Craftzing's Compliance team has loads of experience in guiding organizations in reaching good cyber resilience. Would you like to learn how? Would you like to know how your company is actually doing in terms of cyber security? Contact us, we’ll be more than happy to have a chat!
By Yves Braeckman
As Head of Compliance I work on finding a balance between performing online interactions and respect for privacy in the broadest sense. The goal is to gain stakeholders’ confidence while creating durable digital solutions. Already today - but even more so in the years to come - compliance forms a cornerstone for any online activity.