3 tips from the AIVD for more cyber security

The common interest of cyber security is clear: a company wants to keep its business operations going, the AIVD keeps the gate closed for attackers who disrupt Dutch society. 

Both the BV Netherlands and the AIVD are increasingly busy with this. On the one hand, there are criminals who commit computer trespassing out of self-interest. But also think of foreign powers. It's the national dimension to the publication of the NBV.

Cyber ​​criminals really aren't just looking for money. Does your company possess technology, distinctive knowledge or vital infrastructure? Then cyber security deserves the full attention of everyone, at every level.

Think in risks

We assume for a moment that the knowledge has already penetrated the boardroom. But what about awareness in other business units? It is the guiding idea of ​​the first principle Risk Thinking.

Making policies around cyber security does not mean that the entire company has to lie under a crippling blanket of security measures.

You may be able to prevent such an attack, but in the meantime you are killing your turnover because of a rigid policy. And it doesn't get any more fun in the workplace itself that way. Effective cyber security is therefore not one size fits all. It's customization.

Not a fence for everything

The NBV therefore recommends making a balanced assessment of the risks. Crown jewels are locked up; in other places an acceptable residual risk is sufficient.

To stay in the metaphor: you estimate that risk by making a treasure map. Before attackers do. What do the crown jewels look like? And how is the route?

The answers to these questions are the homework for the organization. You can only protect sensitive knowledge and resources if you as an organization also know which data that is. Therefore, identify them for the entire organization and treat them as such.

Cyber ​​security before it's too late

The second principle of the NBV is called Assume Breach and prevents talk afterwards. It answers the question 'what if?'

Suppose a cyber attack succeeds, what plans are there to limit the consequences? Running around in panic won't help, but the impact and duration will shorten.

Which colleague can you call day and night, once it is hit? Who directs that person? And because no company manages everything in-house: which external parties should be aligned? What are they going to work on?

In such a situation, a backup is a valuable process accelerator. If you are forced to start from scratch again, you start by using such a backup.

The obvious point of action is therefore that a backup must be available. And preferably as current as possible.

Keep working on your cyber security

The third principle is simple, clear and perhaps the most difficult: continuously improving your cyber security. Government services are now talking about two types of societies: the physical and the digital.

The digital facilitates the physical and makes work and daily life more pleasant and easier. Provided that you keep malicious people out.

The digital society is getting bigger and therefore more complex. And therefore more vulnerable. Malicious ones carry out more attacks and they constantly change their approach.

The approach in 3 bullets

Use security from reputable suppliers

Pay attention to professional configuration

Maintain the software and hardware continuously

Make sure the tasks are embedded in the organization

Performed by well-trained IT professionals with the right attitude, who continuously point out the need for cyber security to other colleagues.

Want to know more?

Do you have any questions or do you want to know more about our services and solutions? Feel free to send us a message. We like to think along with you.

Or contact us by phone 085 - 489 1240.

Others
Blogs

HubSpot CRM Testimonial from Jaap van Vliet
HubSpot
Jaap van Vliet

Help! I'm quarantined in HubSpot

Recently we set up a trial for a law firm for HubSpot Marketing Hub and HubSpot Sales Hub. But what if your invitations stall, because HubSpot pulls the emergency brake and place them in Hubspot quarantined contacts?

Read more "
Black Friday
IT Security
Lennert Hut

Don't make Black Friday Black December

Black Friday? Nice retail promotion for shoppers. But also a risk for IT Security in an organization. With a password manager you prevent business damage caused by leaked personal passwords.

Read more "