The Securities and Exchange Commission has called threats to cybersecurity "the biggest systematic risk we
have facing us."
Given the impact that breaches can have and the level of sophistication shown by hackers in recent breaches, it's not a matter of if a breach will occur, but when and how it will occur.
Cyber data — including financial data, sensitive customer information and employee records stored on the cloud or on the company's technology devices and networks — is one of the most valuable assets many companies own. Each year, management should evaluate what's being done to protect these intangibles, where vulnerabilities exist and how to make the assets more secure. Here are some cyber protection best practices for you to consider.
Think Big (and Small)
Many hackers operate overseas, making them harder to identify and prosecute. So, think globally when assessing your cyber breach risks. However, hacks are often perpetrated through the victim's small or midsize vendors. That's because smaller companies often lack the resources to put strong security measures in place — and hackers are ready, willing and able to take advantage. Consider the 2017 breach of the Equifax credit bureau when hackers gained unauthorized access to sensitive personal information on more than 143 million individuals in the United States, Canada and the United Kingdom. The theft was accomplished though a vulnerability in a website application. That was just one high-profile hack. Other big-name victims have included the Securities and Exchange Commission, JP Morgan, Target, eBay, Home Depot and Yahoo. In the Target case, hackers reportedly obtained information through a third-party heating and air conditioning vendor, which had access to the retailer's computer network. The stolen credit and debit card data was then moved to a server in Russia. Many other cyber crime incidents have also reportedly been linked to vendors with lax security. Some companies limit outside access to their computer networks, refusing supplier and customer requests to share data. Others require vendors to verify their network security protocols. Some companies are establishing cyber security ratings — similar to credit scores — based on the amount of traffic to a company's website coming from servers that are linked to cybercrime. As those ratings become more refined, managers may choose to avoid doing business with high-risk customers and suppliers.
Engage in "Cyber Hygiene"
Protecting against cyber threats is an ongoing challenge, not a one-time event. Every time a software, hardware or application manufacturer releases an update or patch, install it immediately on every device in a systematic fashion. Why? Hackers constantly troll for the latest patches and updates because they show where vulnerabilities exist. If hackers are nimble, they can exploit these vulnerabilities to steal data before customers have a chance to install the fix. Another useful prevention strategy is requiring periodic changes to log-in passwords. Hacked passwords can cause a domino effect, because people tend to use the same password for multiple accounts. For example, when Adobe lost 33 million customers' log-in credentials, other websites discovered that their accounts were being accessed using passwords stolen from Adobe. Some companies also use a security question or require users to select a preferred image to add another layer of identity verification.
Companies often have more devices connected to the Internet than management realizes. Moreover, when employees take devices out of the office, they expose data to less-than-secure home networks and public hotspots that provide wireless Internet access. Evaluate which devices need to be connected to the Web and take steps to minimize off-site risks. Consider limiting which employees can work from home, educating employees about the risks of cyber breaches and installing encryption software on devices that link to external networks. Encryption may create compatibility issues when sharing data with other companies and slow down data transmission. But it can be a powerful and cost-effective tool in the battle against cybercrime.
Cyber security is an important task that few organizations can handle exclusively in-house. At Cycrest, Network Security isn’t just a buzz phrase; it’s architected into every level of our process. We develop and engineer-in many layers of security into the networks we manage and build. Items like Commercial Firewalls, Anti-Virus, Anti-Spam and Anti-Malware systems are just the beginning. We believe in continuous education for our Team and using best practices, Cycrest provides security measures to keep you and your Organization’s network safe from the many threats in today’s market place, and that’s only the first step. With our 24/7 on-going system monitoring and our hourly, daily and weekly security updates to your system as well as network scans, Cycrest has you and your network covered. Cycrest works hard to help minimize downtime, network intrusions and attacks to help keep your system stable and bringing you increased productivity.
@ Copyright 2017 All Rights Reserved.
Brought to you by Cycrest Systems, Inc
For more IT information, check out our bi-weekly newsletter here: Click here for the whole newsletter