Join other Information Security Professionals and Subscribe

to receive monthly insights on securely enabling business transformation

Bridgeway Insights

How do you improve your cyber resilience? Here are Bridgeway's top tips.

How do you improve your cyber resilience? Here are Bridgeway's top tips.

Posted by Lisa Higgins 24 January 2019

Many organisations think their current email security systems are up to the job of protecting them. Unfortunately traditional email security strategies can fall short of keeping organisations safe.

Malwareattack

So what can you do? Here are Bridgeway's top tips:

1. Have a holistic plan in place for crisis management that embodies security, business continuity, data protection and end-user empowerment. Ensure the entire organisation is educated, engaged and involved in planning and response. Understand your needs, strengths and weaknesses and consider spreading out the responsibilities across the business.
 
2. Own it. Cyber resilience planning can be overwhelming and time consuming. There is often lack of ownership, investment and understanding of what needs to happen. There are a lot of moving parts and organisations often struggle to identify a single owner - the attitude of, "it's not my problem".
 
shutterstock_210979948
 

3. Deploy a cloud-based email security solution. More and more organisations are choosing a cloud-based solution because of cost, lack of security staff and skills, ease of deployment and management. As well as improved security efficacy.

4. Ensure your email security solution has a scanning layer that not only blocks spam and viruses, but also protects users from phishing, ransomware and impersonation fraud. Technology capabilities such as URL filtering, attachment sandboxing, instant preview and safe-file conversion of all incoming attachments are must-haves.

5.Your archive should be immediate – with data captured in transit – as well as tamper-proof and perpetual. Your users need the ability to sync files, folders, data and calendars and recover them if an attack occurs.

6. Bolster your business continuity planning by implementing a separate, always-on solution that provides multiple access systems through the web and mobile apps.

shutterstock_552213274-217838-edited

7. Educate staff. Regular end-user training can help maximise your organisation’s ability to respond to cyber threats, ensuring staff remain vigilant against email-borne threats. 

8. Educate the board. CISOs must ensure cyber resilience is identified as a priority by the board. Once the board can understand the value and ROI that comes from having a robust cyber resilience plan, they will trust and buy-in.

9. In order to keep the business running as normal, the organisation will also need access to emails even in case of a minor or even catastrophic failure of the organisation’s email service. Whether the email service is hosted on-premises or in the cloud, any service outage needs to be mitigated.

10. It's not just email. As threats are getting more and more sophisticated, malicious links can be delivered to users in many ways, including via embedded links in otherwise harmless websites, through instant messaging systems, via social network sites, and by ad networks. Remember this and consider introducing a web security service.

New call-to-action 
For a forward-thinking approach to cyber resilience, Bridgeway recommend Mimecast’s leading email security, compliance, continuity and archiving platform. A single, cloud-based service, Mimecast protects against the two dominant cyberattack vectors: email and the web. By unifying disparate and fragmented email environments into one holistic service that is always available from the cloud, Mimecast minimises risk and reduces cost and complexity, while providing total end-to-end control of email.