With the incidence of cyber threats growing more rapidly than ever, the issue of security has been brought to the forefront of every CIO’s mind. Today, cybercrime is a billion dollar enterprise, and it’s on the rise. In 2018, high profile cyberattacks plagued some of the world's largest organizations, releasing the personal records of millions, if not billions. With the incidence of cyberattacks growing year over year, no organization, regardless of size or industry, is free from the risk of data breach. It is no longer a question of if your company will be attacked, but when. For this reason, it is important now, more than ever, to implement a proactive approach to cybersecurity.
There is a misconception that implementing strong security measures will cost a business lots of time and money, resulting in a reactive cybersecurity approach; this means that companies wait until something happens, such as a data breach or cyberattack, before implementing a solution. The risk taken with this strategy actually ends up costing your business exponentially more time and money than proactive measures. Statistics show that the ROI for businesses that implement preventative security measures is met in the face of an attack.
By proactively addressing basic security concerns, companies can not only prevent lower level attacks, they can recover faster from and reduce the impact of data breaches. Here are three tips to start implementing proactive security provisions for your business:
Identify goals and set standards for policies, processes and procedures of security
To begin implementing a proactive approach to security, it is important to first identify what your company’s security goals are. Consider your industry and the type of data your company manages when setting goals. Based on these factors, your company may be more vulnerable to attack and need to implement stronger security parameters.
After identifying the goals pertinent to your organization, you can identify which standards your business' security practices should meet. You should both outline the criteria for implementing these standards in a disaster recovery plan, and take care to make sure that these standards are upheld and met by all employees.
Look for gaps in your existing strategy and Implement new solutions
The security field is constantly evolving. Unfortunately, this means that the "set it and forget it" mentality doesn't apply to a cybersecurity strategy. Security measures you may implement today could become obsolete in a matter of years, months, or even less. Hackers often find ways around the tried-and-true security methods, which means that those standards can't always be relied on. They may look for common vulnerabilities and exposures, otherwise known as CVEs, which show them viable paths by which they may breach your systems. These include unapplied updates and patches, weak passwords, unaddressed software vulnerabilities, outdated anti-virus, etc.
To proactively identify and combat these exposures, enterprises can hire a third party company to initiate a “friendly” attack. This company will work to effectively identify gaps in your current security initiatives and help make suggestions for improvement.
Train your employees
Creating a culture of security can be a phenomenal asset to your company. According to leading reports and government analysis, over 90% of cyberattacks are a direct result of employee error. Clicking on malicious links in emails, lost or stolen devices and password mistakes are at the top of the list for causes of employee related breaches. We all know that humans aren’t perfect and they are bound to make mistakes leading to a breach, but training them on the following can help to reduce the severity and frequency of breaches:
Keeping Computers Clean
Unknown outside programs and applications can open security threats in your network. Don’t install non-approved applications from the internet or click on links, plugins, tool bars, etc. Additionally, never plug in a thumb drive or upload files that you aren’t confident of the origin and safety.
Following Good Password Practices
The longer the password length, the harder it is to crack. Use a mixture of upper and lower case letters, numbers, and punctuation. Do not use common phrases and do not use the same password over and over again on multiple sites. Additionally, don’t save passwords in your web browser; instead, find a trustworthy password manager to encrypt your password information.
Secure E-mail Practices
If you have any doubt as to whether to open an e-mail... DON’T. Avoid suspicious links in e-mails, online ads, messages or attachments, even if you know the source. Email is the number one cause (and most preventable) of cryptovirus attacks. Consider investing in a third party content filter to scan your emails and attachments for malicious files and links.
The key to overcoming human error breaches is to create an environment where all employees have a vested interest in security. Employees need to understand the value of protecting client and partner information, and their role in keeping it safe. They also need a basic knowledge of risks and how to make good judgments regarding Internet safety. To many people, security seems like common sense, however, it is more like “out of sight and out of mind”. To create this paradigm, it must begin with training and educating employees.
Though advances in technology bring new and exciting security solutions to our industry, attackers continue to develop and launch new tactics, techniques, and procedures to outwit them. Security does not have to be a costly process, but doing nothing should not be an option. Whether or not a company can afford a new, high-tech security solution, taking a step back and focusing on security at the basic level should still be a priority. Being proactive about security is everyone’s job, and requires constant vigilance. By making a conscious effort to adhere to standard processes, procedures and policies of security and educating employees, companies can drastically reduce their vulnerability to attack.