Data Breaches Hurt 43% of Businesses Last Year

Do You Have a Cyber Security Plan?

Whether you use a third party for your retail website or exchange intellectual property with customers and partners, you need to protect your business information.

It’s the types of breaches you don’t often read about that have longer-lasting effects on the effectiveness of your business.
The data targets are many: intellectual property, company secrets, employee records, business plans, customer data, financial and legal documents.

It’s not only cyber-attacks that you need to worry about. Of the 43 percent of businesses that experienced some type of data breach in 2014, less than one-third were due to cyber-attacks.

Here are 5 things you should think about when locking down your valuable data assets, and no matter how simple, you should have a security plan:

It’s Not Just Digital 

The most important aspect of protecting information is clear communication to your employees of your expectations around handling information. A simple security policy can keep everyone in the know about Confidential (e.g. employment applications) and Proprietary (e.g. secret copyrights) documents.

Secure Your Premises

Locks, digital entry systems, alarms and perimeter obstacles such as fences are considered deterrents. These simply make an unauthorized entry take longer, thus deterring a would-be thief from taking on the job in the first place. Digital entry systems add the further protection of knowing who was on the premises and when.

If you manage your own computer systems, keep them in a secure area where only authorized personnel have direct access to the hardware. This, along with proper digital access controls for the applications that your employees and customers use, will improve your security posture significantly.

Anyone Can Read Your Email 

Yes, sending documents and information in emails is easy but almost anyone with a basic knowledge of networks and communication protocols can read email relayed through the Internet.

If you have sensitive information to share or collaborate on, use technologies such as Box.com, which has services to send and receive documents in a secure and authenticated manner. 

If you use an internal email system, make sure you set up policies that can detect certain types of data, such as SSNs, company documents and potentially dangerous attachments, and block these at the source.

This practice is known as DLP (Data Loss Prevention) and is the most commonly used form of preventing the problem from occurring in the first place. But nothing is more valuable than simple communication to your workforce of the known dangers of email and your expectations around email usage. 
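The kind of outbound policy described above can be sketched in a few lines. This is an added example, not code from the original article or from any mail product; the blocked-extension list, the sample addresses and the function names are assumptions made for illustration, and the sample SSN is constructed.

```python
import re
from email.message import EmailMessage

# Assumed policy values for this example (not from the article).
BLOCKED_EXTENSIONS = {".exe", ".js", ".scr", ".vbs", ".bat"}
# SSN written AAA-GG-SSSS with a consistent dash or space separator.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ])(\d{2})\2(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued, to cut false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan_text(text):
    """Count SSN-like values in a block of text."""
    return sum(1 for m in SSN_RE.finditer(text)
               if plausible_ssn(m.group(1), m.group(3), m.group(4)))

def evaluate(msg):
    """Return (verdict, reasons) for one outbound message."""
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        # endswith() also catches double extensions such as report.pdf.exe
        if name and any(name.lower().endswith(e) for e in BLOCKED_EXTENSIONS):
            reasons.append(f"blocked attachment type: {name}")
        if part.get_content_maintype() == "text":
            hits = scan_text(part.get_content())
            if hits:
                reasons.append(f"{hits} SSN-like value(s) in {name or 'message body'}")
    return ("BLOCK" if reasons else "ALLOW"), reasons

def build_sample(body, attachments=()):
    """Build a constructed test message; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "hr@example.com"
    msg["To"] = "partner@example.net"
    msg["Subject"] = "Constructed sample"
    msg.set_content(body)
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    print(evaluate(build_sample("Applicant SSN: 123-45-6789")))
    print(evaluate(build_sample("Call me on 555-123-4567")))
    print(evaluate(build_sample("See attached", [("invoice.pdf.exe", b"MZ")])))
```

Pattern matching of this kind only sees text it can read; SSNs inside images, archives or encrypted attachments pass through, which is one reason the staff communication mentioned above still matters.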

If You Don’t Use It, Don’t Store It 

An outdated process or application collects social security numbers when they are no longer needed or used; “we always file the applications and background check results in that unlocked filing cabinet”; “our repeat customers like the convenience of not having to provide or enter their credit card every time they do business with us.”

It’s a balance and you have to make the call, but consider that every time you store information, paper or digital, your liability increases. Even if you store documents or data at a 3rd-party, you are still liable. 

Simple dedication to keeping things cleaned up and diligence in assessing real need can go a long, long way. This includes making sure that when computers and mobile devices are no longer used or are being replaced, the old ones are electronically cleaned and recycled.

Social Engineering

It’s not just data and documents that can leak sensitive information about your business and customers. Many times human interaction is the culprit in some very damaging security breaches. Social engineering is an industry term for when a fraudster uses relationship knowledge to gain access to information that would otherwise be unavailable.
Once again, communicate clearly to your employees what kind of information, if any, may be provided to outsiders without proper verification or permission. These outsiders could be reporters, competitors, salesmen or just criminals trying to steal from you. Tipping off the ne’er-do-wells could damage your reputation and lose you money.

Digital Security

Digital security is an area in which businesses sometimes have the least control. When providing digital applications to your employees, partners and customers, there are a number of things to consider; however, we will only discuss two of the most important: authentication and encryption.

We are all familiar with logging in to a web site with our user name and password. This is known as authenticating and we have all read about cyber-attacks attempting to guess your ID and password. 

The most important, and easiest, mitigation for this vulnerability is to communicate and enforce strong password practices with the applications you own. In many cases systems should require password resets every once in a while; this keeps fraudsters guessing.
Sometimes, however, our most valuable digital assets need something even stronger, requiring two or even three types of ID. Something you know (e.g. password), something you have (e.g. iWatch) and something you are (e.g. thumb print) is the model for the most secure systems. The thought is that fraudsters would have difficulty getting hold of two or more forms of identity, e.g. user id/password and your thumb.

Encryption is important as it makes data (including user ids and passwords) unreadable while it travels over our internal networks or the internet. This keeps hackers from obtaining access to our sensitive data while it is in flight. Most of us are familiar with the https:// we see in our browser address bar and with configuring our wireless routers with WEP and WPA. Make sure you are leveraging these technologies when granting access to any application, whether internal or provided by a 3rd-party.

Authentication and encryption are very important aspects of cyber-protection, but are too complicated for most to manage. Consult your network specialist.

Security in today’s cyber-world is a complicated and ambiguous matter, but it doesn’t take a rocket scientist to protect your business. There are many simple measures that can be taken that won’t break the bank and will assure the safety of your business’s valuable information. So, no matter how trivial it may seem, get to work on your security planning, create a policy and keep in constant communication.

Business.com: http://bit.ly/1JtaCjV

 
