Cybersecurity Awareness Month has just past. But for the majority of businesses in and around Philadelphia, security threats should be number one on their radar for the end of 2017 and beyond.
Cybersecurity has massive impact on every organization from every industry, both private and public, large and small, businesses with internal IT departments and outsourced IT support teams.
At its core: your business’s IT Security strategy should have laser-like focus on how to prevent attacks from happening in the first place.
BUT Your Security Is Likely Not Even Protecting Your CEO!
Just to give an example of business security problems, over 30% of CEOs have had their company email address and password stolen without their knowledge. Many of these victims have had other accounts compromised because of shared passwords across accounts.
Over half of CEOs that have had their email compromised have self-reported having other business and non-business accounts tampered with or compromised as well. CEOs are a big target for cybercrime for many nation state hacking groups.
Today, I want to reiterate some of the biggest actionable items your IT Support should be looking for when monitoring your IT Security.
Make sure you are patching—one of the easiest ways into a network is through one that is not properly maintained. Most people simply assume that basics like security patching vulnerabilities that Windows and other software companies hand over would be applied in a timely manner.
But unfortunately, patching and network maintenance are two of the most-overlooked aspects of business security.
IT Support teams often are too busy or do not have strict processes in place to consistently apply and maintain updated patch schedules. If we learned anything from the Equifax hacks earlier this fall, it is that patching regularly (AND testing patches to make sure they were applied without causing incidents) are crucial in security prevention.
Secure comprehensively—most often, businesses concerned with IT Security might expect to have one person on their team ‘doing security’. Unfortunately, security is not a one and done job. And security is not something that can simply be siloed to one person to oversee and maintain.
Every single endpoint and every single point of contact on your network could be a point of access for a hacker.
If you are relying on one guy (or gal) to monitor and secure your business, you likely are having security vulnerabilities fall through the cracks.
A cybersecurity initiative should be comprehensively part of your IT Support solution— every technician should understand security policies enforced by your business (and agencies enforcing compliance where applicable). They should alert users to security best practices while working out user issues.
By protecting every part of your business—every end user and every machine consistently, you will prevent easy vulnerabilities from slipping through the cracks.
Know how to use least privilege—many companies don’t realize that they grant team members access to more information than they need to successfully fulfill their jobs. Some team members are unknowingly on email chains or have access to folders that they don’t need to have available to them.
The problem with giving people more access than they need is that your business risks having more exposure to a potential data breach in the event someone gets phished or someone’s account gets hacked. The more privy data you leave exposed, the more likely it will get into the wrong hands.
Monitor what specific activity is common on your network—the best way to detect a breach in progress is first having a complete baseline understanding of what network activity routinely looks like. When incidents contrast the norm, IT Support should investigate and understand what is happening on the network to cause activity irregularities and have response plans in place in the event hacking attempts are being made or if there is a breach in progress.
Heuristic security improves over time—having security that learns to detect attacks from past events is critical in modern IT Security. Heuristic firewalls—those that understand what attacks have looked like in the past will help learn and detect how future attacks may present themselves. With advances in computer programming techniques like machine learning and artificial intelligence, nowadays, your IT Support team should be thinking about more effective ways to detect and prevent attacks from hitting endpoints on your network.
Know your threat landscape—instead of simply reading about the latest attack in the New York Times or the Tribune, your IT Support should be scraping the web for hints of the latest breaches and attacks. They should be able to field any recommendations and answer any questions regarding the current attack landscape. You may even ask an expert on their team for insights into how your business should protect against upcoming attacks.
Having a team that understands the threat landscape and is able to proactively react to that constantly changing environment is critical for your business cybersecurity.
Take a holistic approach to security—instead of simply going at security in an ad hoc manner, you want to have security in your quarterly and annually business planning meetings. Your ultimate goal is making your organization safer from the bottom up and the top down.
Your IT Support should be actively interested in your business planning sessions and should be fielding advice on how to strategize security given the current threat matrix. They should make recommendations, provide security metrics (i.e., show you explicitly how they have protected your business and identified and fixed security issues) and enforce security policies.
Are you certain your security plan is comprehensive? Is your business protected enough to prevent being a target to hackers? Contact us TODAY for a FREE cybersecurity assessment.