DEREK SMITH: Develop a cyber security plan to meet your needs


Derek Smith

As technology becomes an essential feature in every business, there is a growing need to ensure its safe use. Companies store crucial data and depend on technology for their day-to-day operations. With the continuous evolution of cyber threats and stringent regulations, companies need a firm security plan. However, every firm has unique needs, so a generic solution alone might not be enough.

This year marks 20 years of Cyber security Awareness Month, which is celebrated every October. Cyber security is more than just a buzzword. It is a structure underpinned by governance, risk and compliance (GRC). While most grasp the idea of “compliance”, many overlook the potential financial repercussions for top executives when legal and regulatory challenges arise. This can damage the company’s reputation and lead to financial problems for both the firm and its leaders.

Cyber security compliance and governance are of critical importance to businesses and their executive leaders. This article explores cyber security compliance and emerging threats in the field, while highlighting steps towards sustainable cyber security compliance.

Cyber security Compliance

When discussing cyber security compliance, we refer to a company’s commitment to rules, standards and industry guidelines that are meant to protect data and digital assets. The specifics vary based on industry type, company size and location. Several cyber security frameworks are widely recognised, such as ISO 27001 and the NIST Cybersecurity Framework. Both follow a risk-based approach and are considered technology-neutral.

It is frequently believed that compliance can only be achieved through technological means, which places primary responsibility on the chief technology officer (CTO). However, there has been increasing recognition of the human factor’s significant role, and it has also been established that technical solutions alone cannot effectively mitigate security breaches. It is not enough to add more training to raise awareness of security practices; companies must also build a culture of creativity, sensitivity and engagement among employees.

Emerging threats and generic plans

In today’s digital era, companies face a complex threat landscape that is becoming more sophisticated daily. Several types of attacks target companies, including ransomware; phishing, which tricks persons into sharing sensitive information; advanced persistent threats (APTs); and well-funded, determined attackers.

It is challenging to develop a universal cyber security blueprint due to the diverse IT structures in companies. Relying on a one-size-fits-all plan poses several issues:

  • Lack of Customisation: The generic plan might not address unique challenges or needs, leaving security gaps

  • Increased Breach Risks: A generic plan might miss specific security threats for a particular company

  • Vulnerability Exploitation: Cyber criminals often exploit weaknesses that general plans overlook, leading to significant breaches

Steps towards sustainable cyber security compliance

  • Risk Evaluation: Begin with an all-encompassing risk analysis. Grasp the nature of the data you manage, the systems in play, and the possible consequences of breaches

  • Formulate Policies: Construct a detailed cyber security blueprint that showcases the standards and best practices. Regular revisions and team training are recommended

  • Integrate Security Measures: Employ necessary tools and strategies, such as firewalls, encryption and regular software updates

  • Ongoing Audits: Continually assess your cyber security efficacy through internal and external checks to identify and rectify any weak points

  • Partner with Experts: The cyber security realm is intricate. If you lack in-house expertise, collaborate with professionals

In conclusion, cyber security is not merely a trending topic; it is a business necessity. By giving it the attention it deserves, corporate leaders can ensure a safer, more stable future for their firms.

• NB: About Derek Smith Jr

Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years. He has held positions at a TerraLex member law firm, a Wolfsberg Group member bank and a ‘big four’ accounting firm. Mr Smith is a certified anti-money laundering specialist (CAMS), and the compliance officer and money laundering reporting officer (MLRO) for CG Atlantic’s family of companies (member of Coralisle Group) for The Bahamas and Turks & Caicos.