Stories of advanced cyber threats coming from China, groups like Anonymous, RAM scraping of “Point of Sale” machines at retailers such as Target, and other rogue “hacktivists” have splashed across the news in the last six months. Coupled with the NSA leaks, this last year has been one of realization: no one, not government, enterprise, or individual, is immune to cyber threats.
For companies, what is arguably the advent of a new, even scarier era of enterprise cyber security threats makes it more challenging than ever to repel external assaults on IP, financials and other key commercial data. Despite this, many organizations still lack a fundamental understanding of how to effectively protect themselves from these new threats.
With all that said, you are probably asking yourself: how can I protect myself against all this, and what am I supposed to do to ensure the safety of my business? Here are some ways to protect yourself.
Policy Review and Employee Education
Smartphones are not going anywhere, so you better have a BYOD (Bring Your Own Device) policy in place. This is especially the case given the age of the “Millennials” who tend to give less credence to cyber security threats and certainly are more likely to be accessing social media while working.
And if you don’t think social media can be used as a weapon to infiltrate IT networks, take a look at what occurred earlier this year, when two researchers hacked a government network, received confidential VPN credentials and got a fake person a government job, all with a few clicks and a Facebook account.
In short, it is imperative that HR is involved in developing policies that educate employees on cyber security risks, even including things that should be common sense, such as using social media, opening suspicious emails or connecting to public Wi-Fi on a company device.
Conduct a Security and Self Risk Assessment
The CIO, IT and key operational executives should conduct an assessment to determine what to protect, what protection already exists and where the gaps are. If you have not started this assessment, you can bet your board will be grilling your C-level executives for not already addressing this risk. For most, this means developing a plan to protect your intellectual property and critical data, such as key process know-how, computer code that’s part of a product or offering, operational information (volumetric info, revenue, product availability, financial earnings, etc.), and even client data: the information that could damage you most should it get into the hands of competitors or other malicious parties.
Limit Access and Sources of Entry
Every desktop, notebook and mobile device is a possible entry point into your organization’s network, which can leave you open and vulnerable to security threats. Limiting the degree of access that employees have helps make your organization safer and more secure.
Consider limiting file or server access to only the employees who legitimately need to access the information. Does every employee need access to customer invoices or payment records? Limiting access as a preventative measure is great insurance against potential damage should a threat make it through your organization’s safeguards.
Protecting your system and network doesn't have to be a huge investment. By taking steps to educate your entire organization -- before trouble strikes -- and taking extra care to protect sensitive areas that may provide easy access for threats, you can keep your business, and your business-critical information, safe and secure.