Heino Gevers, director, Customer Experience, Mimecast, shares best practices on how organisations can build a resilient cybersecurity strategy.
What are the most common mistakes end-users are committing when it comes to email security?
Firstly, organisations themselves tend to commit certain gaffes when it comes to security. Chief among them is the mentality that there is a ‘silver bullet’ solution for security. They spend a lot of time, resources and money in finding what they believe will stop threat actors or any cyber breach from occurring. However, they overlook the fact that at some point a breach is inevitable because they can’t control the actions of the end-user.
Having said that, humans are naturally curious creatures. It doesn’t matter how many times you remind your employees about the dangers of clicking an unknown link or how many training sessions you give them; at a certain point they will always try to explore the unknown. Therefore, the important thing to know is how an organisation can put the necessary measures in place to be able to mitigate the risks and how they are going to respond to it.
What kinds of best practices would you recommend IT security leaders should take to correct these missteps and to strengthen their security postures?
We advise our customers to take all the time and effort they put into building a defensive approach and give it to building a resilient cybersecurity strategy instead.
The most critical aspect of building a cyber resilient strategy is understanding what information they should protect. Surprisingly, there are a lot of organisations who are not aware of which data they have is critical and should be protected, which is concerning.
So, the first step is identifying which information, systems and end-users are most vulnerable to cyber-attacks.
After identifying these elements, the second step is ensuring that the right systems are in place to protect them.
Next is early detection. This means setting the right systems, people and processes in place for monitoring vulnerabilities within your organisation.
The fourth step is responding to threats. Companies should always set a strategy in place on how they would communicate it to the market. They need to think about which communication channels they should use to inform the market about the incident, how their stakeholders are affected and how they plan to address it.
Last but not least is the recovery component. This is about knowing how quickly you can bounce back should you suffer a breach. Organisations should ensure that they have the right applications, equipment and people in place that would help them recover even before any cyber breach happens.
In building this cyber resilient strategy, there is no limitation in terms of the number of people that can help you perform these best practices. This is why businesses should deploy technologies and solutions that are scalable. That’s what makes the Mimecast Cloud Archive such a multi-faceted technology because it allows organisations to apply this strategy in a scalable, secure and resilient cloud-based platform.