Aug 01

Industry Insights

Effective IT Management - Focus on Reducing Cyber Security Risk

As cyber threats grow in both volume and sophistication, businesses need to become more agile and proactive in their defence against cyber-attacks. No business or organisation is immune, regardless of size or industry. Despite the risks they now commonly face, many businesses fail to implement adequate levels of security to protect their systems and data.

Cybercriminals are increasingly targeting their attacks on SMEs, as they attempt to exploit a lack of awareness around cyber security and limited budgets. According to Verizon’s Enterprise 2018 Data Breach Investigation Report, 58% of malware attack victims are categorised as small businesses.

What does an IT manager or business owner need to do to protect their business from cyber risk?

1. Focus on the basics – too often they are ignored. Regular patching, cyber awareness training for staff, password management, two factor authentication and secure network configurations should all be given due consideration.

2. Conduct an IT security review – engage with an IT security company to assess where your IT systems currently are in terms of delivering adequate protection.

3. Multi-layered approach - The key to safely securing your business from cyber-attacks is layering. The more layers you have securing your network the better. Antivirus is just one such layer, others include next-generation firewalls, ongoing patch management, secure offsite repository and disaster recovery plan.

4. Mobile device management - The use of smartphones, tablets, handhelds and other mobile devices in the workplace has now become prolific. Implementing a mobile device management solution can block unsupported and potentially harmful devices from accessing the network and easily enable businesses to create and manage organisation-wide device security policies.

5. Ongoing proactive monitoring - The importance of ongoing monitoring of cyber activity in a business network cannot be over emphasised. Identifying threats before they do damage is more effective than addressing the threat after a problem has occurred and involves less cost and disruption. Some forms of malware can bypass firewalls or gain access via an unpatched vulnerability, and then lie dormant in a network, evolving over time. Ongoing and continual monitoring identifies threats that could potentially activate at any time.


Cyber breaches can and do happen. Don’t make the mistake of thinking it will never be you. The biggest risk to a company’s IT security is complacency. For hackers, every company - no matter what industry they are in, what their turnover may be or how many staff they have - is a target.

It is also important to remember that security is an ongoing process that requires routine updates, maintenance and management, rather than one-off solutions. Learn more about how Novi forms long-term partnerships with customers to ensure continued security.