Weak cyber security & reputational risk

Cyber attacks can be highly damaging, not just in terms of monetary loss but also with respect to an organisation’s reputation – its most valuable asset.

Compromised cyber security has a long-term reputational effect on a business. The causes of a breach are varied and range from weak IT setups to compliance failure, identity theft, and untrained personnel.

While in the past businesses often felt that cyber attacks were something that would not happen to them, the increasing number of data breaches over these last years has made cyber security and data privacy a concern in every board room practicing effective governance. Consequently, there is a growing awareness that board members and senior members of management need to recognise cyber security risk as part of their remit when reviewing processes, business continuity planning, and the disclosure of material risks. Businesses handle significant amounts of sensitive information, including clients’ personal and commercial data, bank account details, employee personal data including health-related information. Companies have a duty of care to ensure that all of this data is appropriately protected.

Most businesses have limited resources to effectively manage cyber security risks.

Business owners may mistakenly believe that having certain defense mechanisms such as antivirus software and firewalls is the solution to manage cyber security risks. The misconfiguration and mismanagement of these defense mechanisms may actually expose the business to a higher level of cyber security risk. Businesses must approach cyber security holistically, in the same way, they would handle the financial health of the organisation. It is the collective responsibility of everyone in the organisation to protect it from cyber-attacks. Organisations, led by the board of directors and senior management, should take all necessary precautions to avoid being the next news headline.

The following are five basic steps to start addressing cyber security risks:

1. Security threats don’t originate exclusively online. Ensure that your offices are well protected to prevent physical unauthorised intruders;
2. Locking your computer while you are away from your desk will prevent unauthorised access to the information stored on your laptop and your server shared drives.
3. The use of passphrases provides essential protection from both financial fraud and identity theft. A passphrase is longer than a password and may contain spaces in between words. Furthermore, passphrases are easier to remember and are next to impossible to crack
4. Use multiple different passphrases/passwords to stay safe. In order to keep your personal information safe, use separate passphrases/passwords for each online account you have, especially for the most sensitive ones such as your internet banking or email accounts.
5. If an email looks suspicious or you were not expecting an email from this sender, double-check with your IT team to check the legitimacy of this email, as this could be a phishing attempt.

Mazars Malta has extensive expertise in the performance of vulnerability assessments, penetration testing, and cyber security training. We can help you and your organisation implement the appropriate security measures to protect against cybersecurity threats and potential damage to your reputation.