This week marks the beginning of ECSM (European Cyber Security Month) 2019, an initiative run by ENISA (the European Union Agency for Cybersecurity), the European Commission DG CONNECT and partners to promote the importance of cyber security and highlight the steps that can be taken to mitigate cyber security risks.
This year’s themes
The theme in the first two weeks is cyber hygiene, and the remaining two weeks cover emerging technology, with the overarching message being “Cyber security is a shared responsibility!”.
Cyber security is a shared responsibility
This message plays on the three fundamentals that need to be accounted for when creating a cyber security strategy: people, processes and technology.
This refers to staff training, with the level of training you provide depending on whether the employee has a technical or non-technical role.
Non-technical staff don’t need advanced cyber security knowledge, but they do need a strong understanding of the fundamentals. A security awareness programme, or training courses that cover specific issues like phishing, are essential.
These are documented instructions that communicate your organisation’s cyber security stance. They should also define roles and responsibilities, specify procedures to follow and be regularly reviewed.
ISO 27001, the international standard for information security, provides a complete set of cyber security best practices for an information security management system.
Technological defences, such as spam filters, act as a first line of defence to protect against threats. Other technical controls, such as access controls, authorise who has access to applications, computers and networks.
But whatever the technology is doing, you can’t assume that it will be 100% effective. For example, email scanning software will send the majority of suspicious emails to employees’ junk folders, but that still leaves a lot of emails that end up in inboxes.
That’s why you need to train employees to spot suspicious emails and ensure they are following your policies and procedures.
How to get involved in cyber security month
There are events taking place throughout Europe, including a cyber security show for children in Denmark, a cyber security competition for high–school students in the Czech Republic, and cyber awareness courses.
Take control of your cyber health and protect your business
Cyber health is about establishing simple, routine measures to minimise your cyber risk. By taking steps to improve your cyber health, you can stay ahead of the criminal hackers, protect your data and respond to cyber threats before they damage your business.
Our free green paper takes you through the common cyber security myths and the key considerations for developing a cyber security strategy, and recommends effective and affordable cyber security measures to immediately improve your security posture.