Data Breaches Hurt 43% of Businesses Last Year

Do You Have a Cyber Security Plan?

Whether you use a third party for your retail website or exchange intellectual property with customers and partners, you need to protect your business information.

It’s the types of breaches you don’t often read about that have longer-lasting effects on the effectiveness of your business.
The data targets are many: intellectual property, company secrets, employee records, business plans, customer data, financial and legal documents.

It’s not only cyber-attacks that you need to worry about. Of the 43 percent of businesses that experienced some type of data breach in 2014, less than one-third were due to cyber-attacks.

No matter how simple, you should have a security plan. Here are 5 things you should think about when locking down your valuable data assets:

It’s Not Just Digital 

The most important aspect of protecting information is clear communication to your employees of your expectations around handling information. A simple security policy can keep everyone in the know about Confidential (e.g. employment applications) and Proprietary (e.g. secret copyrights) documents.

Secure Your Premises

Locks, digital entry systems, alarms and perimeter obstacles such as fences are considered deterrents. These simply make an unauthorized entry take longer, thus deterring a would-be thief from taking on the job in the first place. Digital entry systems add the further protection of knowing who was on the premises and when.

If you manage your own computer systems, keep them in a secure area where only authorized personnel have direct access to the hardware. This, along with proper digital access controls for applications that your employees and customers use, will improve your security posture significantly.

Anyone Can Read Your Email 

Yes, sending documents and information in emails is easy, but almost anyone with a basic knowledge of networks and communication protocols can read email relayed through the Internet.

If you have sensitive information to share or collaborate on, use technologies such as Box.com, which has services to send and receive documents in a secure and authenticated manner. 

If you use an internal email system, make sure you set up policies that can detect certain types of data such as SSNs, company documents and potentially dangerous attachments, and block these at the source.

This practice is known as DLP (Data Loss Prevention) and is the most commonly used form of preventing the problem from occurring in the first place. But nothing is more valuable than simple communication to your workforce of the known dangers of email and your expectations around email usage. 
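An outbound-mail DLP check of the kind described above, as an added example that is not part of the original article: it flags SSN-like numbers and risky attachment types in a message before it leaves. The function names, the blocked-extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from pathlib import PurePosixPath

# Assumed policy: attachment types to block outright (illustrative list).
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".bat", ".docm"}
# SSN-shaped token: 3-2-4 digits split by dashes or spaces, not part of a longer number.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")

# Constructed sample message (not real data).
SAMPLE = """\
From: hr@example.com
To: partner@example.net
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Applicant SSN is 123-45-6789. Order ref 000-12-3456 is not an SSN.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

constructed-placeholder-bytes
--BOUND--
"""

def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def scan_outbound(raw_message):
    """Return (kind, detail) policy violations; SSNs are reported masked."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        # Use the final extension, so "invoice.pdf.exe" is treated as .exe.
        if filename and PurePosixPath(filename.lower()).suffix in BLOCKED_EXTENSIONS:
            findings.append(("blocked_attachment", filename))
        if part.get_content_maintype() == "text":
            for m in SSN_RE.finditer(part.get_content()):
                if plausible_ssn(*m.groups()):
                    findings.append(("ssn", "***-**-" + m.group(3)))
    return findings
```

A check like this belongs at the mail gateway, where a non-empty result holds or rejects the message before it is relayed.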

If You Don’t Use It, Don’t Store It 

An outdated process or application collects social security numbers when they are no longer needed or used; “we always file the applications and background check results in that unlocked filing cabinet”; “our repeat customers like the convenience of not having to provide or enter their credit card every time they do business with us.”

It’s a balance and you have to make the call, but consider that every time you store information, paper or digital, your liability increases. Even if you store documents or data with a third party, you are still liable.

Simple dedication to keeping things cleaned up and diligence in assessing real need can go a long, long way. This includes making sure that when computers/PCs and mobiles are no longer used or are being replaced, the old versions are electronically cleaned and recycled.

Social Engineering

It’s not just data and documents that can leak sensitive information about your business and customers. Many times human interaction is the culprit in some very damaging security breaches. Social engineering is an industry term for when a fraudster uses relationship knowledge to gain access to information that would be otherwise unavailable.
Once again, the answer is clear communication to your employees about what kind of information, if any, should be provided to outsiders without proper verification or permission. These outsiders could be reporters, competitors, salesmen or just criminals trying to steal from you. Tipping off the ne’er-do-wells could damage your reputation and lose you money.

Digital Security

Digital security is an area in which businesses sometimes have the least control. When providing digital applications to your employees, partners and customers there are a number of things to consider; however, we will only discuss two of the most important: authentication and encryption.

We are all familiar with logging in to a web site with our user name and password. This is known as authenticating and we have all read about cyber-attacks attempting to guess your ID and password. 

The most important, and easiest, mitigation for this vulnerability is to communicate and enforce strong password practices with the applications you own. In many cases systems should require password resets every once in a while; this keeps fraudsters guessing.
Sometimes, however, our most valuable digital assets need something even stronger, requiring two or even three types of ID. Something you know (e.g. password), something you have (e.g. iWatch) and something you are (e.g. thumbprint) is the model for the most secure systems. The thought is that fraudsters would have difficulty getting a hold of two or more forms of identity, e.g. user id/password and your thumb.

Encryption is important as it makes data unreadable (including user ids and passwords) while it travels over our internal networks or the internet. This keeps hackers from obtaining access to our sensitive data while it is in flight. Most of us are familiar with the https:// we see in our browser address bar and with configuring our wireless routers with WEP and WPA. Make sure you are leveraging these technologies when granting access to any application, whether internal or provided by a third party.

Authentication and encryption are very important aspects of cyber-protection, but are too complicated for most to manage. Consult your network specialist.

Security in today’s cyber-world is a complicated and ambiguous matter, but it doesn’t take a rocket scientist to protect your business. There are many simple measures that can be taken that won’t break the bank and will assure the safety of your business’s valuable information. So, no matter how trivial it may seem, get to work on your security planning, create a policy and keep in constant communication.

Business.com: http://bit.ly/1JtaCjV

 
