DEVELOPING A CYBERSECURITY CULTURE IN NEPAL

From the recent increase in the activity of cyber-attacks has made it very evident that Nepal as a country hardly practices cybersecurity culture. Even the biggest of the companies like Banks, Private Corporations, and even the Government Organizations has been the victims of cyberattacks in the recent past. Let’s get the bad news out of the way: the prime reason for any organization becoming the victim of cyber-attacks is the human error caused by the employees of the organizations. A study says that 80% of data breaches are unintentional hence we can say that employees do not deliberately get into data breaches. However, their lack of knowledge regarding cybersecurity makes them do that unknowingly.

Citing the example of companies like Equifax in America where the error of one employee resulted in the exposure of data of 146 million Americans makes this fact even more evident. In Nepal and most of the countries in the world, a company generally invests a huge amount of money in hardware and software to protect itself from cyber-attacks. However, educating its employees regarding the risks and importance of everyday awareness is the key factor that prevents your company from being the target of the next cyber-attacks.

Referring to statistics from the Ponemon Institute, Security Intelligence lays out the following facts.

1. The average cost of a data breach is $148 per record.
2. On average, it takes a large business about 196 days to even determine that a data breach has occurred.
3. In 2018, the average cost of a data breach could range between $2.1 million for fewer than 10,000 records stolen to as high as $5.7 million for incidents with 50,000 compromised records.

As we are in 2020, we need to focus on three crucial things about cyberattacks:

1. The likelihood of a cyber breach is extremely high.
2. The cost of cyberterrorism can damage a company’s long-term health.
3. Our employees put us at risk of cyberattack.

What is a culture of cybersecurity?

Identifying your organization’s risk is the first step towards developing a cybersecurity culture i.e. knowing which data and systems need protection, and what kind of security needs to be implemented? Beyond deploying the right hardware and software to mitigate risk, cybersecurity needs to be actively understood and practiced by everyone from the oldest to the newest employee. Making everyone in the organization aware of the threats and normalizing culture around both digital and physical security is important.

A culture of cybersecurity means that organizations have an ongoing perception of digital risk and work actively to mitigate it.

Best practices for creating a culture of cybersecurity at work

The most general cyber-attack called Phishing scams are growing more sophisticated, and most of the employees are still making poor password decisions that could harm the company.

In 2016, 3.3 billion credentials were stolen online with poor password security playing a big part. Employees should not set easy passwords like “123456” or “password”. Here are six ways to create a stronger cybersecurity culture:

1. Educate everyone on the trending threats and get top-down to buy-in.
2. Establish procedures and protocols to enforce security.
3. Have ongoing programs to engage employees in cybersecurity.
4. Focus on the basics and build from there.
5. Help remote workers stay secure.
6. Make it everyone’s responsibility and use IT as an enabler, not the “big stick”.

Perform regular back up of data and establish a strong security culture with end-to-end security measures that include third-party verification and encryption. Employing an IT Managed Service Provider to supplement your team is also a good idea.

Well for finding an IT Managed Service Provider is as easy as calling us “Information Technology Concerns Pvt Ltd”. We will gladly guide you on your journey of practicing cybersecurity culture in your esteemed company.