It seems like the news has been flooded with stories of cyber breaches in recent weeks. For example, Dell announced the intrusion of cybercriminals seeking to gain personal information from its customer base, and Marriot revealed a similar attack on a whopping 500 million hotel guests. Even the US post office announced a breach of its SMS service. What do all of these breaches have in common? They all involve the exposure of customer data.
Data has long been a tradeable asset on the dark net for a profit, but now that modern business is measured by how effectively companies can leverage their data to improve the experiences of customers, cybercriminals have realized an increased targeting of personal information could reap substantial rewards. Thus, we’ve seen a rise in ransomware, phishing, and other types of cyber-attacks. The Ponemon Institute estimates in a recent report that companies in 2018 lost an average of $131.4 million on cyber breaches.
What can companies do to guard their data against exposure? Here are three quick tips:
1. Take a Holistic Approach to Cybersecurity
It’s key to view your security posture from both an intricate perspective, as well as a bird’s eye view. A holistic approach toward cybersecurity should emphasize that no solution is 100% effective and, therefore, you should have multiple plans to react to an incident if the first or second lines of defense fail.
Pairing preventative and restorative measures into a single IT strategy and having detection measures to know when a breach has occurred gives IT teams the foundation needed to establish full coverage of company assets and protect against data loss. A few of these measures may include firewalls, IPS, antivirus, scanning, a robust incident response strategy and more. But having a holistic approach shouldn’t stop there. Part of being vigilant about your IT systems means testing on a regular basis and updating your playbook based upon the results. Also, remember that when you’re overwhelmed, it’s best to bring in someone for assistance that specializes in outbreak services.
Since cybersecurity incident response and IT disaster recovery have interrelated impacts on reputation and potential for data loss, many companies are even placing these historically separated plans into a single instance of ownership for increased accountability among IT members and ultimately, a more effective IT resiliency strategy.
2. Establish Rules of Data Governance and Educate Your Workforce
Having rules of data governance acts to keep your IT team informed of what data is in use and where. Keeping and reviewing change logs, having two-factor authentication, and enforcing role-based access are just a few ways to ensure only the right personnel are using and sharing data.
Education is another piece of the risk mitigation puzzle. However, a company should not only be educating employees for how to recognize a possible cyber threat and respond accordingly; they should also be doing this education on a regular basis to account for new threats as they emerge within the market. This is especially relevant for your IT team members, as they need to be kept up-to-date as well.
3. Hold Third Parties Accountable
Risk mitigation doesn’t only apply to your company; it extends beyond your walls to include the partnerships that could also put your company at risk. In fact, it’s far too often one of the areas that companies overlook, and cybercriminals have come to notice it as a backdoor into your datasets. Don’t think you use third parties? If you’re using any SaaS-based platform, you’re using the cloud and therefore, you’re connected with a third party.
Data privacy standards will only increase in stringency, especially given the European Union’s recent introduction of the General Data Protection Regulation (GDPR) for all EU citizens, and other new regulations on the horizon from other far-reaching entities. Convenience will no longer take precedence for whether companies introduce new confines on data storage and sharing. Those companies that service clients within highly-regulated industries should come to expect inquiries of their systems as well.
So, what can be done to prepare for regulations and audit requests? What does successful vendor management look like? Read this Forbes article from Jeff Ton, InterVision’s SVP of Product Development & Strategic Alliances.
Risk Mitigation Takes Diligence and an Expert Eye
In the end, news of the latest cyber breaches should come as no surprise. This is now the world we live in – which is why it’s paramount to gain input from those within your business for what datasets are the most valuable, so that you can take necessary steps for protection. Also request advice from a trusted source for a second opinion. You can’t fully see what you’re too close to; a consulting security expert will be well-positioned to offer recommendations.