Businesses need to assume the worst when planning security

Organisations should assume the worst when drawing up plans to deal with the protection of their networks and corporate data in order to best prepare for every eventuality.

Speaking at a Westminster eForum event, Trend Micro chief technology officer Andy Dancer said the range of threats facing firms means that IT teams should devise security strategies from a worst-case scenario standpoint.

"Businesses should assume things are going to go wrong and figure out what they'll do when it does and have people on standby to help so you can deal with events quickly and reduce the PR damage," he said.

William Beer, director of the information security practice at PricewaterhouseCoopers (PwC), added that firms needed to ensure they have dedicated cyber security teams comprising the most technically savvy staff in the organisation.

"You need a dedicated team in place that can deal with incidents and is nimble enough to cut through all layers of an organisation to respond to problems," he said.

"Younger employees should be included in these teams and if you're not on sites like Facebook or Twitter then you're not in the right place to help your organisation if incidents occur."

He added that big businesses should also start to talk up their work in protecting themselves from cyber criminals to show they are being proactive and aware of their duties.

"Organisations need to be more aggressive and transparent on their stance to cyber security. They should be open and say they will use every means at their disposal to fight back against hackers," he said.

Meanwhile, the chair of the Mobile Data Association, Mike Hawkes, said that firms should assume attacks will come from the raft of mobile devices now being used by staff, including smartphones and tablets.

"You are going to be invaded and you have to have a plan for invasion across every form of device," he said.

Data loss remains a huge issues in both the private and public sector, with information uncovered on Wednesday revealing that a local authorities have suffered 1,035 data breaches since 2008.