A data breach can happen to any organization regardless of size. A recent IBM study revealed an average consolidated cost of a data breach of approximately $3.8 million, a 23% increase from 2013. Additionally, the Identity Theft Resource Center found approximately 22% of breaches are due to insider theft, and 12% are simply a matter of accidental exposure.
You can keep your company and your employees safe from these dangerous data breaches by ensuring adherence to a few tried-and-true security best practices:
1. Always update: Patch management across your technology landscape is a priority for a solid security footing. Criminals are always looking to exploit vulnerabilities as they poke and prod your network for a foothold.
2. Next Generation Firewall: Unified threat management at the edge of your network is incredibly important. Firewalling is critical, but additional layers of protection like antivirus and content filtering add to the defense of your network.
3. Mobile Device Management: The accelerating pressure on companies to allow employees to BYOD (Bring Your Own Device) continues to significantly impact the security of networks. The Internet of Things (IoT) brings this to an entirely new, unprecedented level. You must have policies and procedures in place to manage these devices.
4. Encrypt Laptops / Mobile Devices: As the workplace becomes more and more mobile, there are increased chances of data exposure due to stolen or lost devices. Encrypting your mobile devices is a necessity to protect your data.
5. Acceptable Usage Policy: Your staff needs to understand what is considered acceptable use of company data and equipment. The policy must have clearly outlined definitions of misuse and equal clarity in the repercussions of unacceptable usage.
6. Spam Management: Spam clogs servers, chokes network bandwidth, saps productivity and makes it harder to use email effectively. However, the real impact of spam, coupled with social engineering, is that it is an often-exploited opening into your network.
7. Develop a Security Culture: Everyone in your company has to buy into the concept that cybersecurity is a real issue with company-ending consequences if not taken seriously. This culture has to be created from ownership and C-level down; it is a top-down commitment or it will not be a reality.
8. Employee Training: Make sure your employees (and you) understand the various dangers. What is a phishing attack? What is social engineering? What is the problem with being “click happy”?
9. Enforce Policies: A policy is only as good as the enforcement of the policy. If people don’t know or care about the consequences of not following procedures, then they will not follow them.
10. Network Administration: Audit your network for credentials from former employees and disable those accounts. Set password policies to a certain complexity and length. Restrict employees' network access to only those files they need to perform their jobs.
11. Disaster Recovery / Business Continuity Plan: If all else fails and you experience a loss of data, a robust backup is your best friend. Being able to roll back your dataset to a point in time before the malware took effect, or the corruption of your data occurred, is often the difference between failure and success.
12. Media and Public Relations Management: Employees must be trained on how to handle the public and the media in the event of a data breach.
13. Obtain Cyber Liability Insurance: Like all insurance, you won’t be happy with it until it saves you from having to dole out excessive amounts of money.
This list of practices is not exhaustive. It is a simple list to help you understand some of the steps it takes to prevent and respond to data breaches. Please take the time to consult your IT partner to discuss these ideas in more depth. Remember, best practices are the foundation of an effective cybersecurity strategy. Your cybersecurity policies need to be documented, taught, audited and enforced.
For more information contact Sean Callahan at 913.528.6008 or email firstname.lastname@example.org. Visit www.aureon.com.