Cyber Security – Why is regularly reviewing so important?

13 Feb 2023

(Republished from an earlier article)
As an award-winning CRM provider, we are always right up to date when it comes to cyber security measures. Our customer’s data is the most important thing to us. When you use an OpenCRM system, you can be rest assured that we have taken every step possible to protect your data…But, what are you doing at your end to protect yourself and your teams when it comes to cyber security?  
 
As you can imagine, we speak to loads of small to medium enterprises on a weekly basis. The vast majority are interested in making sure their CRM system data is safe and secure. But, you honestly wouldn’t believe how many of those same businesses have neglected to apply that same CRM security mindset throughout their whole company! Yes, we ‘got your back’ when it comes to your CRM system data. But that’s not the only area of the business that needs protection!  
 
In this article, we are going to take a quick look at why cyber security is so important. And some of the ways you can avoid a security disaster!  

Why is Cyber security so important?

It’s a question often posed by directors within a business. And it’s a good question to ask! Look at it from their point of view. They probably have little to do with the implementation of any cyber security measures. They might not be as tech-savvy as your IT team.  All they get is a bill landing on their desk. A bill for X amount of pounds to cover the cost of cyber security measures. So of course, when this happens, it’s a perfectly logical question to ask of the IT team. It’s your IT teams’ job to educate the whole business as to why it’s so important!  
 
So why is it? Let’s take a look at what can happen when you have a security breach. And how that could affect your business. 

Yahoo – 2013

The number 1 data breach that springs to most security experts’ minds is from way back in 2013. However, the cheeky folk over at Yahoo didn’t report on this security breach until well into 2016!  
 
In 2013 Yahoo fell victim to a hacking group that managed to access personal data for over 3 billion customers! Just stop and think about that for a second. Because of a loose thread within Yahoo’s multimillion-dollar security tapestry, over 3 billion users were affected!  
 
Okay, so you might not have the billions of users Yahoo have. But think less about the number of customers affected and more about the damage to company reputation. What about the damage to overall share price. What would a breach such as this do to your profits? When you put it in terms of profit loss, it should be starting to become a little clearer why cyber security is so important. 

Sina Weibo – 2020

Okay, one more to hammer this home. Sina Weibo are one of the biggest social media companies in China with over 600 million users.  
 
Back in March of 2020 a hacker was able to access and download a large part of their user database! Over 538 million of their users had their real names, site usernames, gender, location, and phone numbers accessed then sold on the dark web for as little as $250!  
 
The fallout from this security breach went on to cost Sina Weibo millions! I don’t think I need to highlight the importance of cyber security anymore…!  
 
At the end of the day, all the directors should need to know to convince them about the importance of cyber security is the following. If you don’t take it seriously and guard against it, it could cost your business! In both reputation and pound notes!

The evolution of Cyber Security 

Although we are going to briefly touch on the history of cyber security, the main reason I want to look at the evolution is to show how quickly the world of cyber security changes! But first, let’s very quickly look at where it all started.  

If we go back to the mid-1970’s we can take a look at the birth of cyber security. ARPNET was an early precursor to the world wide web we know and love today. On this pre-internet network, a chap called Bob Thomas created a program called Creeper. This program was designed to move across the ARPNET network and leave a trail wherever it went. The trail it left came in the form of a message that read ‘I’m the creeper, catch me if you can’. So, in essence, this was the first computer virus!  
 
Then along came Ray Tomlinson. He combated the Creeper by creating a program called Reaper! This program chased and deleted Creeper entries across the ARPNET network. Reaper was not only the first example of antivirus software, but it was also the first self-replicating program!  
 
So, you can see, for as long as we have had computer networks, we have had the need to protect against security breaches! For a more comprehensive history of cyber security check out this article

The Early Noughties

It wasn’t until the 2000’s that cyber security really had to pick up speed. In the early 2000s, the world became much more invested in computer technology. The internet (in particular) became much more prevalent within our homes and workplaces. This, of course, led to a sharp rise in new and innovative ways your computer could be attacked.  
 
As a response to this new world of ‘on page’ hidden malware, infected websites and ‘zero day’ attacks, the geniuses behind the rapidly growing world of cyber security had to quickly develop effective and new ways to protect against those emerging threats!  
 
Between the early 2000s and the end of the decade, cyber security had evolved from installing large, cumbersome virus protection packages directly onto your computer. To cloud-based, auto-updating open-source virus software. We went from trying to protect against accidentally downloading or installing malicious software to pre-installing our operating systems with cyber security applications!  
 
This shows us that the rate of growth within the world of computer viruses and cyber security attacks. The universe of computer attacks started to speed up exponentially. And here lies the point of today’s article. With such rapid growth within the world of harmful computer code, you MUST keep up! 
 
Yes, back in the 90’s you could probably get away with a ‘set it and forget it’ attitude towards cyber security…at least for a while. In 2023 you cannot! You MUST constantly review your cyber security measures to ensure you are protected from the ever-expanding ways your data could be compromised!   
 
It pains me to write it, but the people behind new and innovative ways to attack your networks are very clever people! The best way to tackle those big brains trying to hurt your systems is to be equally as clever and clued up. Let’s take a look at some of the things you can do within your business to keep everyone safe!  

The Human Factor

One of the best things you can do within your business is to educate your teams! The human factor plays a massive part in system vulnerabilities. Dave over in shipping isn’t up to speed with the latest email security threats and accidentally opens a malicious email. Suddenly the whole company is battling a new cyber security threat.  
 
Of course, this highlights the importance of having a robust virus protection suite covering all the IT equipment in the business. With that in place, even if Dave does open a malicious email, it should be hard for a virus to penetrate very deeply into your network. However, it also shows us the human factor!  
 
If Dave had been kept up to date, with regular meetings and training on the latest cyber security updates, he could have been educated on what to look out for! He would be prepared to spot the signs of malicious communication.  
 
This again speaks to the need to constantly work on your company’s cyber security. It’s no good thinking a training session for your staff once a year is sufficient to keep them up to date, it’s not. You could switch to quarterly meetings instead? And why not bolt on a fortnightly email from the IT team. Let the whole company know what to look out for.  
 
Perhaps also include some of the instances your virus protection suite has helped to stop any attacks. With that kind of drip-fed information update, you can not only remind the team how important cyber security is, but you can make sure the latest innovative virus is on the radar for everyone. 

Stay Up to Date!

It’s crucial to keep Dave up to date, yes. As we covered above, reducing the element of human error is super important. But I’m not really talking about updating Dave (Dave firmware 4.3 now successfully installed). What I really mean by ‘stay up to date’ is UPDATE YOUR SYSTEMS – OFTEN AND PROMPTLY!  
 
It seems so obvious when it’s written out like that, doesn’t it? But you wouldn’t believe how many companies we have helped in the past simply by reminding them to perform those windows updates as soon as they become available.  
 
One of the reasons a whole bunch of the software you use, including your operating system, needs regular updates is to keep up with new threats. If you adopt a lackadaisical attitude to keeping your systems up to date, you are rolling out the red carpet for your next virus attack!  
 
By making sure one of your IT teams responsibilities is to stay on top of updates, you can nip any potential security holes in bud, early doors! It’s what we do here at OpenCRM and our systems are safe as houses!

Review your policies and procedures 

Every business should have policies in place to cover cyber security. And those policies should go hand in hand with procedural documentation to help instruct your teams as to what ‘best practice’ should be.  
 
But as we said above, it’s no-good setting those procedures and policy’s out and then forgetting about them for 18 months. They need to be regularly reviewed and re-worked to cover any new and emerging threat. By implementing cyber security policies, you can ensure that your team understand their obligations when it comes to keeping your data safe! You can also use those procedures to solidify the lessons taught during those regular cyber security company meetings.  
 
ISO 27001 is a ‘best practice’ standard for information technology security. It is certainly worth making this standard available for your company to look through. It’s a brilliant source for identifying ‘best practice’ when it comes to Cyber Security. ISO 27001 can also help with risk assessing threats as well as guidance on policy and procedure. Find out more here

Always be assessing and improving

The lesson I want everyone to take away from this article is the following – Always be assessing and improving!  
 
It might not be immediately obvious to some of the less tech-savvy within your business, but keeping up to date and on top of your cyber security should be as important as keeping on top of your building security!  
 
If there was a news story that hit the front pages about a new type of tool burglars are using to give them instant access to your company premises, you wouldn’t ignore it. You wouldn’t just breeze past and allow your building to be vulnerable to an expensive burglary.  
 
The same should be said for your cyber security. Those metaphorical new tools are created on a weekly, if not daily basis. By constantly assessing and improving your cyber security you are always protecting against those brand-new tools the bad guys are using!  

This goes for all areas of the business. You should always be checking and double-checking that your tapestry of security measures has no holes. Make sure your team are aware of the importance of cyber security. You should be constantly reviewing and amending your cyber security to tackle those dastardly new threats that, unfortunately, emerge as quickly as you can battle them back!  

Stay safe out there folks, protect your business and if you’re in the market for a super-secure cloud-based CRM product, give us a shout or take a test drive using the button below!