Cybersecurity management and strategy

Security awareness training

Most security breaches in digital business processes – data leaks, system hacks – are caused by what is referred to as ‘the human element’. This is a nice way to describe people leaving a usb-stick containing data on the train, clicking on links in emails from a non-trusted source, or creating a password that is so easy it can be hacked within minutes. You can partly arm yourself against this by technical means, but don’t omit to invest in your employees. Make sure everyone who works for you – including yourself – is aware of the dangers and pitfalls, and how to prevent falling into them. Organise (online) cyber security awareness trainings, and make them compulsory. Ask your IT supplier to help you become and stay safe.

Types of cybercrime

The types of cybercrime against businesses most often reported are:

• Digital theft (for example identity theft, data theft)
• Extortion
• Fraud
• Cyber attacks on websites
• Industrial espionage

The Dutch government has announced its intention to focus on fighting these types of cybercrime in the coming years. See Government.nl for more information. The National Cyber Security Centre (NCSC) is part of the Ministry of Justice and Security. Under the Act on the security of networks and information systems (Wbni), digital service providers, organisations that provide essential services, and central government are obliged to take measures to prevent cybercrime, and to report serious digital security incidents to the NCSC. Watch this video about the Wbni.

The Cyber Security Council (CSR) is a national, independent advisory body of the Dutch government and the business community. They undertake efforts at strategic level to bolster cybersecurity in the Netherlands. The Netherlands Fraud HelpDesk keeps track of the ‘trends’ in cybercrime and warns against specific ruses. You can use their website to stay up-to-date on the latest scams, or to report one. Read more about fraud deception here.

Cybersecurity essentials

You can take several technical precautions to keep your company safe from cyber security attacks. The most common ones are installing a firewall, using up-to-date (constantly updated) anti-virus and anti-malware software, using two-factor authentication for accessing your business systems, and controlling your business systems from a central (IT) department.

Use protocols for installing new software, and make sure portable data media (such as usb devices) are automatically tested for viruses and malware before they are used.

Back up your systems and data regularly, preferably in the cloud.

Not only your IT processes are vulnerable to attacks. If you use machines to produce goods, chances are these machines are hooked up to your network. This makes them vulnerable to attacks, too.

Cyber Security Audit

Have you done enough to protect your organisation from cybercrime? There are several tests and scans you can take to assess your level of cybersecurity. The Netherlands Chamber of Commerce has written an article on cyber scans. There is also the Cyber Security Scan Smart Industry (in Dutch) to help you identify weak spots in your armour. The scan was developed by the Ministry of Economic Affairs and Climate Policy, Smart Industry, TNO and the Netherlands Enterprise Agency.