By Sydney Boman
With cyber threats growing more rapidly than ever, the issue of security has been brought to the forefront of every CIO’s mind. Today, cyber crime is a billion-dollar enterprise, and it’s on the rise. According to data from Arbor Networks, the number and size of cyber attacks increased by 73% in 2016. With the number of cyber attacks growing year over year, no organization, regardless of size or industry, is free from the risk of a data breach. So it is no longer a question of if your company will be attacked, but when. For this reason, it is more important now than ever to implement a proactive approach to cybersecurity.
Due to the misconception that implementing security measures will cost businesses a lot of time and money, the default approach that companies take with cybersecurity is “reactive.” A reactive approach means that companies wait until they are affected by a threat to implement a solution. Ironically, this method will likely cost your business considerably more time and money than implementing preventative measures. Statistics show that the ROI for businesses that implement preventative security measures is met in the face of an attack.
Implement Proactive Security Provisions With These 3 Tips
By proactively addressing basic security concerns, companies can not only prevent lower-level attacks, they can also recover faster from data breaches and reduce their impact. Here are three tips to start implementing proactive security provisions for your business:
1. Identify goals and set standards for policies, processes and procedures of security.
To begin implementing a proactive approach to security, it is important first to identify what your company’s security goals are. Consider your industry and the type of data your company manages when setting goals. Based on these factors, your company may be more vulnerable to attack and need to implement stronger security parameters. Once you have identified your goals, you can begin to set standards for your company’s security practices. Outline the criteria for implementing workplace security standards in your company’s disaster recovery plan. Make sure that these standards are enforced and met by all employees. Conceiving of change is easy; effectively implementing it is the difficult part.
2. Look for gaps in your existing strategy and implement new solutions.
Given that security is an ever-changing business, and hackers are constantly working smarter, your company can no longer afford to rely on outdated security measures. In fact, sticking to “tried and true” security parameters is an easy way to open your company up to threats. Hackers know all of the tricks: they look for common weaknesses in your business, such as publicly known vulnerabilities and exposures (CVEs), and exploit them. These include unapplied updates and patches, weak passwords, unaddressed software vulnerabilities, outdated anti-virus software, etc. To proactively identify and combat these exposures, enterprises can hire a third-party company to carry out a “friendly” attack. This company will work to identify gaps in your current security initiatives and suggest improvements.
3. Train your employees.
It’s time to make security a social norm at your company. According to leading reports and government analysis, over 90% of cyber attacks are a direct result of employee error. Clicking on malicious links in emails, lost or stolen devices and password mistakes are at the top of the list for causes of employee-related breaches. We all know that humans aren’t perfect, and they are bound to make mistakes leading to a breach; but training them on the following can help reduce the severity and frequency of breaches:
- Keeping Computers Clean: Unknown outside programs and applications can introduce security threats into your network. Don’t install non-approved applications from the internet or click on links, plugins, toolbars, etc. Additionally, never plug in a thumb drive or upload files unless you are confident of their origin and safety.
- Following Good Password Practices: The longer the password, the harder it is to crack. Use a mixture of upper- and lower-case letters, numbers, and punctuation. Do not use common phrases and do not use the same password over and over again on multiple sites. Additionally, don’t save passwords in your web browser; instead, find a trustworthy password manager to encrypt your password information.
- Secure Email Practices: If you have any doubt as to whether to open an e-mail – DON’T. Do not open suspicious links in e-mails, online ads, messages or attachments – even if you know the source. Email is the number one (and most preventable) cause of cryptovirus attacks. Consider investing in a third-party content filter to scan your emails and attachments for malicious files and links.
The Key to Preventing Cyber Attacks
The key to overcoming human error breaches is to create an environment where all employees have a vested interest in security. Employees need to understand the value of protecting client and partner information and their role in keeping it safe. They also need a basic knowledge of the risks and how to make good judgments regarding internet safety. To many people, security seems like common sense; in practice, however, it is more like “out of sight, out of mind.” Creating this paradigm must begin with training and educating employees.
Though advances in technology bring new and exciting security solutions to our industry, attackers continue to develop and launch new tactics, techniques and procedures to outwit them. Security does not have to be a costly process, but doing nothing should not be an option. Whether or not a company can afford a new, high-tech security solution, taking a step back and focusing on security at the basic level should still be a priority. Being proactive about security is everyone’s job, and requires constant vigilance. By making a conscious effort to adhere to standard processes, procedures and policies of security and educating employees, companies can drastically reduce their vulnerability to attack.
About the Author
Sydney Boman is the Marketing Manager at NewCloud Networks and she wrote this article in collaboration with NewCloud Networks’ Security Team. Founded in 1988, NewCloud Networks (NCN) is a nationwide cloud computing and communications provider specializing in hybrid cloud, cloud desktops, backup and disaster recovery, and hosted PBX. 2,500+ customers and 2,000+ sales partners choose NewCloud for the trust that comes from an established, financially stable, and transparent cloud company. NCN delivers real value, maximum uptime and performance, and solutions that are customized to customer needs. NewCloud’s unified cloud platform is SOC, HIPAA, and PCI compliant and features best-of-breed solutions that offer top-of-the-line security measures.