It seems like there’s news of a cyber attack every day. From retailers to credit reporting bureaus and even identity theft monitoring companies, no company appears to be immune from cyber attacks’ devastating financial and brand impact. Is your company ready for a cyber attack?
A data report by Verizon indicates that the most common types of cyber attacks involve stolen and/or weak passwords and malicious email attachments. Despite these alarming statistics, a PwC report revealed that nearly half of all corporate executives admitted they do not have an employee awareness training program for cybersecurity.
The changing landscape of cyber-hacking means cyber attackers are becoming more sophisticated than ever before. It is therefore essential to determine potential threats to your company’s data security and ensure that your company complies with all federal regulations and industry standards for cybersecurity. Investing some time, effort, and financial resources in a security audit could save your organization millions of dollars in the long run.
- Take stock of your company’s cyber operations
Where do you keep your most sensitive data? If you do not know the answer to this question, this data could be vulnerable to attack. Sensitive files and folders should have a higher level of data security than other data. Talk with your system administrators to set up automated data classification so that highly important data has a higher security level. You may also want to keep track of who has access sensitive company data to identify malicious network behavior. Institute a policy to review who can access this confidential data.
- Modernise your password rules
Make sure your employees have strong passwords but also realize that passwords are not enough for securing sensitive data. Work with your company’s system administrators to enforce more stringent password policies, and require users to include complex passwords including a variety of different characters: uppercase and lowercase letters, numbers, and symbols. Prohibit password reuse, as that can make data more vulnerable to unauthorized access, and require your employees to change their passwords every two to three months. Multi-factor authentication requires users to enter a code sent to their email or cell phone to gain access to their account and can be utilized for the highest level of cybersecurity.
- Monitor employees’ data use
Restrict employees’ access of data to only that data which they need to perform their work; for example, do not give an entry-level staff member access to the most sensitive data unless it is required for their job to view and work with this data. Furthermore, when employees leave the company, make sure that they no longer have access to your valuable data by disabling their accounts. Make sure to use additional monitoring to keep a close watch on account activity of employees who access the most sensitive data to make sure that the correct people are accessing the data.
- Develop a security policy for smartphones
Develop and implement a policy regarding employees’ smartphones. This system should include all smart devices, such as smartwatches. Many companies do not support mobile logins to company data due to the security risks involved. Work with your system administrators to determine the best solution for your company and employees regarding smartphones and wearable devices.
- Train your employees on best practices
Educate your employees on the best practices for data security, including how to create a secure password, how to avoid phishing attacks and the use of company data. Hold regular seminars to update employees on the newest security threats so that your organization can stay informed of the current cybersecurity threats. Make sure to inform your employees of the consequences of failing to adhere to security best practices.
- Prepare for the worst
Back up data regularly and make sure to employ additional security practices for the backups of highly sensitive data. Develop and test a contingency plan in case of a disaster and review your plan yearly.
So, is your company prepared for a cyber attack? Check out this infographic from Varonis to evaluate your company’s cybersecurity plan and see if there are any weak spots that could leave you open to an attack.
Creating an effective cybersecurity preparedness plan is a mix of implementing company-wide, procedural policies; utilising data protection and taking technical precautions to protect your data; and putting a reactive plan in place in case the worst case does happen.
So, is your company prepared?