The need for cybersecurity is a worldwide trend. That need is accelerating developments in cloud technologies and data security systems at a rapid rate. To complicate matters, the transition to work-from-home scenarios is increasing the exposure of companies to cyber threats by increasing the number of people connecting to central data networks from remote locations. When they’re not in an office scenario, employees may not be as diligent about online security. In addition, adherence to security protocols can’t be as strictly tracked and enforced by the IT department, no matter how hard they try.
Cyber threats present multiple hazards from different directions, and they are becoming more sophisticated every day. Everyone who uses a computer hooked up to the internet has likely been bombarded by simple emails containing malware embedded as harmless looking links or attachments. Sometimes they even appear to come from people we know.
The larger an organization is, the more likely someone will eventually absent-mindedly click on one of those hundreds or thousands of phishing emails your employees receive, unleashing spies inside your company’s electronic infrastructure who can linger for days, months or even years gathering information and harvesting it for their malicious purposes. This has opened up most companies to not only having their own data systems breached, but also their customers’ data. In the case of companies who handle the personal information of their customers, they have a dire need to protect their own data as well as that of their customers. Your data is not the only thing at risk nowadays; your reputation is as well.
Beyond using firewalls to secure the perimeter of your infrastructure – which once protected a company fairly well – there are some practical steps you can take these days to limit your risks.
1. Develop a plan. Figure out what your vulnerabilities are. Either perform an assessment inhouse or hire it out. You need to know where you stand, then you can address your infrastructure weaknesses.
2. Enact cybersecurity policies. Teach employees about email phishing: what looks harmless can still hurt your company. According to professional services firm Stambaugh Ness, email phishing accounts for 90% of all breaches. Not all pop-up ads are harmless either.
3. Be prepared. Update your company’s liability insurance policy to make sure data breaches are covered. Be ready to explain what your company is doing to mitigate your risk.
4. Build resiliency. Put a disaster recovery plan in place. Don’t think it can’t happen to you. When you’re deciding how much you’re willing to spend to on a recovery plan, weigh the cost of that resiliency with the cost of downtime if/when a cyber breach happens. According to Security Magazine, there were 2,935 publicly reported data breaches in the first nine months of 2020. It’s likely many more were not reported.
Remember this is now a world of information sharing, including your information.
On episode 68 of Bridging the Gap podcast, I had the opportunity to talk with Phil Keeney, Managing Director of Technology Solutions at Stambaugh Ness. Tune in to learn more about limiting your cyber risks.