News companies can safeguard against cybersecurity risks in these 4 ways

By Jodie Hopperton

INMA

Los Angeles, California, United States

Connect      

Today we all face the potential of cyber attacks that disrupt operations, compromise sensitive data, and damage reputations. I spoke with a few cyber security experts, and there are some common themes of things we can do. 

One executive I spoke to told me about all the attacks they have had in the past. I remarked that he looked remarkably considering daily, ongoing threats and the weight on his shoulders. He replied that it’s all about mitigating risk and understanding where the weak points may be. If you read no further, take note of that. 

And for the rest of us, let’s dig deeper.

Identifying and addressing internal risks

Understanding where vulnerabilities lie is crucial. Tech companies often refer to “red teaming,” which involves an internal or hired team simulating various attacks on the organisation to check its resilience. 

News companies must be proactive with cyber safety.
News companies must be proactive with cyber safety.

Better that you do it than a real attacker. If you can, establish a minimum security baseline which compels potential attackers to reveal their tactics early, enabling you to counteract effectively.

Proactive security measures

Of course it’s better not to wait until you are attacked before you fix something. Here are some key proactive strategies to protect yourself:

  1. Build security by design: Security should be integrated from the early stages of any project, ensuring safe development practices. This should be part of products day-to-day thinking. 

  2. Procurement process: As tech stacks and tools are modularised using different tools out there, security considerations have to be part of any procurement process.

  3. Specialised teams: If your organisation is big enough, get an in-house expert or team so you have consistent oversight and testing. 

  4. Collaboration with specialists: Partnering with cybersecurity experts will allow you to stay ahead of new and sophisticated threats.

Foundational principles for customer data

Protection of customer data is likely to be one of your core security principles. Ensure customer data is not shared widely and that information is ringfenced for specific use as much as possible. That way if there is an attack, it will only affect part of your data. 

It’s also helpful to have ongoing and open internal training and Q&A sessions so everyone who handles customer data can stay informed.

Governance and monitoring

Build a risk register and keep it up to date with new vulnerabilities. There are frameworks that you can adhere to such as the U.S. government’s National Institute of Standards and Technology and ISO 0171, which will help you maintain high standards of governance, risk, and compliance.

Frameworks such as NIST will help you evaluate your security posture on a scale from one to five. Key metrics include vulnerability management, patching, password policies, and regular risk assessments. 

Conclusion

Investing in cybersecurity is not just about preventing breaches; it’s about creating a resilient organisation capable of withstanding and recovering from attacks. By being proactive and adopting a comprehensive approach, it’s possible to safeguard operations, protect our customers, and maintain trust in our digital offerings.

If you’d like to subscribe to my bi-weekly newsletter, INMA members can do so here.

About Jodie Hopperton

By continuing to browse or by clicking “ACCEPT,” you agree to the storing of cookies on your device to enhance your site experience. To learn more about how we use cookies, please see our privacy policy.
x

I ACCEPT