Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.
Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing businesses, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security.
We have seen a significant growth in cyber criminality in the form of high-profile ransomware campaigns over the last year. Breaches leaked personal data on a massive scale leaving victims vulnerable to fraud, while lives were put at risk and services damaged by the WannaCry ransomware campaign that affected the NHS and many other organisations worldwide. Tactics are currently shifting as businesses are targeted over individuals and although phishing attacks on individuals are increasing, fewer are falling victim as people have become more alert.
Cyber attacks are financially devastating and disrupting and upsetting to people and businesses. We know that there is significant under-reporting, although the new General Data Protection Regulation is likely to prompt a better picture of scale. Currently the level of sentencing at court is not commensurate with the seriousness of attacks, and this is an area which is ripe for consideration.
Train employees in cyber security principles. Install, use and regularly update antivirus and antispyware software on every computer used in your business. Use a firewall for your Internet connection. Download and install software updates for your operating systems and applications as they become available. Make backup copies of important business data and information. Control physical access to your computers and network components. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden. Require individual user accounts for each employee. Limit employee access to data and information and limit authority to install software. Regularly change passwords.