Tips for Fortifying Your Cybersecurity Efforts
Concerns about cybersecurity are at the top of the list for organizations of all types and sizes these days. All it takes is one significant data breach to cripple, and possibly ruin, a company. Besides the severe financial and legal consequences (fines for noncompliance, violating the new GDPR regulations, lost business, paying reparations to those impacted by the breach), there can also be ethical implications for the organization. This can make it difficult, if not impossible, to regain the trust of customers, stakeholders and the public.
Thus, organizations not only need to bolster their cybersecurity procedures for compliance and monetary reasons, but they also have an ethical responsibility to do so. A company that develops a reputation for not taking every possible step to safeguard its customers’ privacy and confidentiality will find it challenging to remain competitive, or even viable, in today’s global business climate.
What Are the Top Cybersecurity Risks for 2018?
If organizations hope to enhance their cybersecurity efforts, they must first identify the threats that are most likely to impact their operations. According to a survey of 900 security professionals conducted by the computer security firm AlienVault, the top five cybersecurity threats to businesses in 2018 are:
- Phishing: According to the survey, 55 percent of the participants indicated that phishing, the practice of sending fraudulent emails to entice the recipients to provide personal or sensitive information, is the cyberthreat that concerns them the most. The main issue with phishing is that, when done effectively, the email appears to be legitimate.
- Ransomware: Ransomware, a form of malicious software that blocks access to a computer system until the organization pays a specified sum of money to the perpetrator, is expected to cost businesses $11.5 billion by the end of 2018.
- The cloud: With more organizations managing and storing data over the Internet instead of on hard drives, they must find effective ways to protect this cloud-based information from hackers.
- GDPR: The General Data Protection Regulation went into effect in May of 2018 and impacts all companies that do business in the European Union. GDPR violations can result in severe financial and legal penalties for organizations that fail to implement acceptable cybersecurity measures, particularly if a data breach occurs.
- Cryptocurrency mining: Cryptocurrency mining, where cybercriminals infect computers to attempt to steal Bitcoin, is a relatively new phenomenon that is starting to become a significant cybersecurity issue for some organizations. Many businesses remain behind the curve in finding ways to detect and prevent it.
Steps Your Organization Can Take to Minimize Your Cybersecurity Risks
Cyberthreats such as these are here to stay. If your organization isn’t taking a proactive approach to cybersecurity, you could be jeopardizing your company’s long-term viability. Steps you can take right now to protect your computer systems and the critical data they contain include:
- Assess your risks: Conduct a comprehensive risk assessment to identify your computer systems’ biggest weaknesses and vulnerabilities. Use the information to create a risk profile and develop a strategy that will enhance your cybersecurity efforts in these areas.
- Keep your software current: Implement software updates as soon as possible, as these typically contain the latest security upgrades. You can also use software patches in some cases to provide a quick fix until the next update.
- Perform regular security audits: A consistent auditing process enables IT professionals to identify weaknesses in security controls. Audits also help you meet your legal, regulatory and ethical compliance requirements. Another prudent cybersecurity measure is enlisting the services of a third-party cybersecurity firm to perform periodic checks.
- Implement cybersecurity monitoring practices: Ongoing monitoring will help you detect potential threats in the early stages. You can then implement the appropriate incident response protocols to prevent an issue from escalating.
- Secure your legacy systems: Many organizations have outdated computer systems that are unsupported (they no longer receive software or hardware upgrades). These “legacy” systems are extremely vulnerable to cyberattacks that can jeopardize your entire network. If your IT staff is unable to update these systems, it may be necessary to isolate them from the rest of the network or discontinue using them.
- Bolster authentication protocols: Most organizations now take steps to ensure their employees use strong passwords (a combination of upper- and lower-case letters, numbers and symbols) when logging in. However, cybercriminals now have ways to defeat even the most complex passwords. Adopting a two-factor authentication methodology, which combines a password with another proof of identification such as a fingerprint or a key generated by another device, can serve the needs of organizations that handle extremely sensitive data. Healthcare operations are one example.
- Develop robust service provider oversight procedures: Carefully vet all computer system-related service providers to ensure their contracts comply with your organization’s security requirements. Verify that the provider also implements its own security procedures that are commensurate with the level of risk.
- Make cybersecurity training a top priority: Many data breaches and other cybersecurity-related mishaps are the result of human error. Actions such as the innocent opening of an email attachment or the placing of a Post-it Note containing a password on a computer keyboard are all-too-common occurrences. Educate your staff on safe computing strategies such as not opening unsolicited emails, not leaving a logged-in computer unattended and regularly backing up data. Don’t assume they already know these things.
- Keep abreast of the latest cybersecurity threats: While the five threats listed above represent the most current risks, these are subject to change. As cybercriminals continue to become more sophisticated, they will find additional ways to access your computer networks and the valuable data they store. Make sure your IT team remains vigilant and keeps you and your employees in the loop regarding new and emerging cybersecurity risks that will impact your organization moving forward.