The New Year is coming, which means it's time to reflect on how to improve. But a top priority for companies is often overlooked until it's too late. What's this priority? Cyber security.
From Sony and Ashley Madison, to the retail giant Target, cyber security breaches have been at the forefront of our minds. There's a reason for this. We are living in a world where our customers' and employees' financial and personal data can be easily compromised and used for everything from bank card fraud to extortion. So, what have we learned from these recent cyber-attacks?
Who and What is at Risk
Nothing is off limits.
Any proprietary information, whether it seems secure or not, isn't completely safe nowadays. Cyberattacks could come from anywhere in the world, on any industry. Hackers are targeting more suppliers of services like consultants and lawyers, but also going after smaller businesses that may not have as much security set up.
Internal & External data are risks
Some of the biggest risks we've seen have been the leaking of employee information, like with the Sony cyberattack. But, data breaches that target personal identity information can be the most disruptive. Identity theft, malware data, etc. that affect customers can be very difficult for companies to overcome because of distrust and poor brand image. For example, the 2013 Target security breach grabbed 40 million people's credit and debit card data which was bad PR for the company.
Precautionary Actions for Securing your data
Set up Security: Two-factor Authentication
First, make sure that there are security systems in place. While many were surprised at the data breach at Ashley Madison, the site where adults could engage in affairs, it turned out the security of the site wasn't great in the first place. To avoid an attack, companies need to be accountable and actually put up measures of security. One way to protect data is to implement two-factor authentication, meaning there would be two sets of pins or passwords to input for extra security.
Infrastructure: Maintain and Analyze
Strong and clean infrastructure is key here. We should follow the example of securing critical infrastructure, which includes all the small details. Hiring a strong CTO or CIO that understands the threats and risks is a must. This person can keep checks and balances on all of the details that must be considered for implementing strong cyber security. Businesses are outsourcing left and right nowadays, which is fine, as long as they understand the vulnerabilities that can cause and have plans for how to respond in the case of cyber-attacks.
Being prepared for a cyber crisis isn't new, but companies should conduct careful planning for crisis situations. This is why programs like DARPA, the government cyber security agency, are becoming critical. Companies instituting similar models of monitoring and reporting groups will be better informed and prepared for an attack. In today's tech-forward landscape, these are the necessary steps we can take in order to protect our data and companies.