Mobile devices, social media, email platforms and the cloud are but a few examples of emerging technologies altering the ways organizations process, share, and store information. Technology advancements reflect the many ways in which individuals now access company data. As virtual communications, currencies and storage continue to emerge, traditional perimeter-based security strategies are proving less effective. Since today’s information can easily fall into the hands of someone outside company perimeters, it becomes absolutely imperative for management to invest in and focus on dynamic cybersecurity controls to prevent and respond to cyber threats.
Why It Matters
Failure to address cybersecurity increases exposure to a host of risks to the organization’s brand and bottom line. Negative press has become commonplace in relation to publicized cybersecurity incidents, making reputational damage a front-running risk. Customer confidence may dwindle in the event of a publicized breach or an inability to serve customers. Further, a decrease in market valuation, legal complexities and potential fines from regulatory bodies for noncompliance are all possible if breach prevention and notification practices have not been applied.
How It Happens
There are multiple ways in which your organization’s confidential information can be compromised. Some attack methods require a high level of skill and time on behalf of the intruder, while others require little to no effort, and can be performed by relatively inexperienced attackers. Examples of attack methods include:
- Malware – A computer program with malicious intent. These programs appear as harmless files and are designed to trick a user into revealing sensitive information.
- Keyloggers – These invisible applications often silently install themselves after unsuspecting users open a malicious email attachment or web link. They allow attackers to collect passwords, credit card numbers and other confidential data as they are being typed on the keyboard.
- Password attacks – This includes obtaining and determining (“cracking”) a username and password. This generally gives an unauthorized user access to information on a secured system.
- Denial of service – This occurs when computer hackers disrupt or impair valid users’ ability to access their own computers or company networks.
- Unpatched software – A patch is an update to a computer program (e.g., Java or Adobe software) intended to close vulnerabilities that could be exploited by attackers. Unpatched applications give intruders an opportunity to enter your computer and network.
Ask Yourself the Right Questions
Though detecting a cybersecurity threat can be tricky, as intruders often aim to be stealthy, there are precautionary measures you can take. To know where to start, it is helpful to ask yourself the right questions surrounding your security, such as:
- Have we experienced unusual outages or slowness of our systems, network or the Internet?
- Has anyone received strange emails or pop-up screens asking users to perform tasks or actions?
- Has anyone been locked out of previously accessible files?
- Are we heavily dependent on third parties to support our IT systems or process financial transactions?
- Do we have the capability to monitor for inappropriate system use or potential security events?
Answering these questions could highlight the need to consider establishing additional cybersecurity controls.
What You Can Do
Once you ask yourself the right questions, it is time to act. Here are a few actions you can take to help ensure that your cybersecurity measures are in place and effectively protecting your organization from internal and external threats:
- Identify your organization’s most valuable information.
- Establish internal controls and cybersecurity standards that consider both internal and external threats.
- Prioritize cybersecurity standards to protect the most valuable information accordingly. 100% security is improbable in today’s world, but you nonetheless want to place the highest levels of protection around your most valuable assets and information.
- Periodically evaluate your cybersecurity controls and their effectiveness with thorough audits and technical assessments.
- Establish a plan of action in the event that you must respond to an adverse cybersecurity incident. Furthermore, set that plan in motion by practicing it.
- Establish standards to ensure your third party service providers (if applicable) do not pose a threat.
- Communicate cybersecurity measures to the entire organization and help every individual within your organization identify threats and understand how to respond appropriately.
Should your business lack the proper resources to implement any of the above suggestions, a best practice recommendation is to obtain the assistance of a trusted IT advisor who has extensive experience with the unique data security and privacy requirements of your industry. A knowledgeable IT advisor can provide you with the tools and counsel you need to help protect your organization from cybersecurity breaches and other adverse incidents. Seek out an advisor who maintains valuable credentials (e.g., CISSP, CCE, CISA, CRISC and GCIH certifications) and who has the capacity to offer a variety of services to meet your cybersecurity needs – from digital forensics and incident response to industry-based compliance services. A qualified and trusted advisor can help provide end-to-end assistance with establishing effective cybersecurity controls that allow you to conduct business confidently and securely.