SEV: Ten Practical Steps for Digital Security in Businesses

Cyberattacks pose a serious threat to large and small businesses alike, as they can negatively impact the smooth flow of activities leading to potential loss in revenue and clients.

To this end, the Hellenic Federation of Enterprises (SEV) has issued a statement recommending ten practical steps for enhancing the digital security of companies.

Emphasizing the critical importance of cybersecurity for enterprises, the announcement highlights that a breach in a company’s digital security affects its people, operations, legal obligations, assets, reputation, and even its network of collaborators.

George Xirogiannis, the Director General at SEV, the CEO of its research institute, and Vice-President of IVEPE-SEV, underlines, “SEV provides practical guidelines to businesses to fortify themselves against cyber-attacks, given that a ransomware attack occurs every 10 seconds, and one in four organizations fall victim to an attack every week. Similar to security in the physical world, cybersecurity involves the technological infrastructure, management processes, collaborators, and the people of the business. It is an integral part of the digital transformation of businesses, directly linked to their operational continuity, reputation, and the integrity of their assets.”

Some of the figures in terms of actual cyberattacks against enterprises and the risks and impact businesses face are:

• 43% of medium and small businesses that suffer data loss do not resume operations.
• It takes an average of 23 days to restore functionality after an attack.
• Restoration costs post a cybersecurity incident are likely to result in a 57% increase in product and service prices, affecting the competitiveness of the business.
• 85%-90% of successful cyber-attacks are based on human error, and a single attack can lead to double or triple extortion.

The 10 steps to mitigate the threats of companies from cyberattacks

Where to Begin: The initial step is identifying weak points and evaluating the resilience of the business. This can be done internally or with external partners, forming the basis for the business’s cybersecurity action plan.

Focus Areas for Cybersecurity Actions: A roadmap for cybersecurity guides actions for upgrading systems, training procedures, and protocols for managing cyber incidents, as well as raising awareness among the business’s staff.

Responsibility for Cybersecurity: Responsibilities and authorities for cybersecurity are distributed within a governance mechanism, specifying processes, involved parties, and protocols for action in cases of incidents and data breaches.

Protecting Equipment, Data, and Systems: Simple yet significant actions, such as securing passwords and emails, updating security measures, etc., aim to monitor and safeguard connected systems and devices from malicious threats.

Protecting the People of the Business: Exercises, seminars, and updates cultivate a cybersecurity culture, reinforcing the resilience of the business and the continuous vigilance of its employees.

Connecting Cybersecurity with Operational Continuity: A cyber-attack poses an operational risk, and a comprehensive operational continuity plan anticipates responses to cyber risks and prescribes proactive measures for quick recovery from an incident.

Recovery After a Cyber Attack: Activating an incident response plan outlines methods for incident management, limitation of its impacts, and recovery from it.

SEV underscores the necessity for businesses to implement these steps to fortify their digital security against the escalating threat of cyber-attacks and ensure the sustainable and secure operation of their enterprises.