In a chilling way, 2016 continued the upward trend in the quantity and severity of cyberattacks, following the major breaches at Yahoo, JPMorgan Chase, Home Depot and eBay, and these events have understandably alarmed businesses and their employees, vendors and customers.
The raised anxiety has a parallel symptom: a feeling of inevitability. But that doesn’t mean you’re helpless. It means you have to prepare and fight intelligently, because there are practical things that executives and employees can do to lessen the chances of their organizations being seriously crippled.
1. Get extremely serious & sophisticated about userids and passwords.
If a key employee’s userid and password are stolen, it can lead to a serious problem. If a systems administrator’s credentials get out, the impact can be catastrophic: many of the most devastating recent hacks have involved the illicit use of systems administrator userids and passwords. There are effective processes and systems that can be put in place to prevent or limit these attacks, such as multi-factor authentication, separate administrator accounts that are never shared and are used only for administrative work, and logging and review of what privileged accounts do.
2. Identify, compartmentalize and isolate your sensitive data allowing access only to those who need access.
Not everyone who needs to work with personnel data needs access to financial data, customer data, security data or individual performance data. Separate databases with specific levels of access authorization should be in place and diligently managed and monitored. Such database systems can be designed and implemented more quickly today, with better management tools and higher levels of security.
VERY important these days: know what data is stored where, who has access to it, and when and from where they access it.
Also, if you haven’t done so already, it’s time to curtail the use of spreadsheets (especially unencrypted ones) containing sensitive or confidential information, including HR data, credit information, financial data, sales leads/contacts/special pricing, strategic initiatives, timelines and progress, etc. Data like this belongs in secure, access-controlled databases, not in spreadsheets.
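As an added example (not code from the original article), the following Python script shows the kind of data discovery that "know what data is stored where" implies in practice: it scans spreadsheet exports (CSV text) for Social Security numbers and payment card numbers, and confirms card candidates with the Luhn check digit so that ordinary 16-digit numbers are not reported. The file names and contents are constructed for the example; `scan_directory` is a hypothetical helper for running the same scan over a real file share.

```python
"""Sensitive-data discovery over spreadsheet exports (added example).

Not code from the original article. Scans CSV text for US Social Security
numbers and Luhn-valid payment card numbers. Sample files are constructed.
"""
import csv
import io
import os
import re

# Constructed sample exports standing in for spreadsheets found on a file share.
SAMPLE_FILES = {
    "hr/payroll_2016.csv": (
        "name,ssn,salary\n"
        "Alice Example,123-45-6789,88000\n"
        "Bob Example,987-65-4321,72000\n"
    ),
    "sales/special_pricing.csv": (
        "customer,discount\n"
        "Acme Corp,12%\n"
    ),
    "finance/refunds.csv": (
        "order,card\n"
        "1001,4111 1111 1111 1111\n"   # passes Luhn: reported
        "1002,1234 5678 9012 3456\n"   # fails Luhn: ignored
    ),
}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Return True if the digit string has a valid Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(path, text):
    """Return a list of (path, row, kind) findings for one CSV export."""
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for cell in row:
            if SSN_RE.search(cell):
                findings.append((path, row_no, "ssn"))
            for match in CARD_RE.finditer(cell):
                digits = re.sub(r"[ -]", "", match.group())
                if luhn_ok(digits):
                    findings.append((path, row_no, "card"))
    return findings


def scan_files(files):
    """Scan a {path: text} mapping; return {path: findings} for files with hits."""
    report = {}
    for path, text in files.items():
        hits = scan_text(path, text)
        if hits:
            report[path] = hits
    return report


def scan_directory(root):
    """Hypothetical helper: walk a real directory tree and scan every .csv file."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".csv"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[full] = fh.read()
    return scan_files(files)


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        kinds = sorted({kind for _, _, kind in hits})
        print("%s: %d finding(s) (%s)" % (path, len(hits), ", ".join(kinds)))
```

The report tells you which files to move into an access-controlled database and which owners to talk to; the Luhn check is what keeps an inventory like this from drowning in order numbers and phone numbers. Real spreadsheets (.xlsx) need a library such as openpyxl to read, but the pattern logic is the same.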
3. Design and implement strong email policies and systems.
Many, MANY people a) use their email as a long-term, searchable “filing cabinet” for documents, conversation notes, “future reference” items, etc.; and b) use email as a written way of holding private or personal conversations that may contain sensitive or confidential information, untruths, potentially malicious gossip, or content that would be embarrassing to themselves or others if it got out.
There are ways to effectively address this area — culturally, procedurally and technically. If your organization needs some advice here, we can help.
4. Vigilantly monitor data movement and unusual activity, and have procedures in place to verify and react when appropriate.
Just as banks and credit card companies detect unusual activity on an account, your organization can do the same using tools such as pattern recognition, network activity monitors, data transfer alert systems and malware detection. The key is a baseline of what normal activity looks like for each user and system, so that deviations (a login at an unusual hour or from a new location, a transfer far larger than that user’s usual volume) can be flagged and verified before they become a breach.
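As an added example (not code from the original article), the following Python script implements three of the simple checks this section describes over constructed access logs: a per-user baseline for outbound transfer volume, off-hours logins by administrator accounts, and logins from a source address never seen before for that user. The log format, the sample lines and the list of privileged accounts are all assumptions made for the example; a real deployment would read the same kind of events from a firewall, proxy or directory server.

```python
"""Unusual-activity detection over constructed access logs (added example).

Not code from the original article. Log format, sample lines and the admin
account list are assumptions for the example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log lines: UTC timestamp followed by key=value fields, in time order.
LOG_LINES = [
    "2016-11-01T09:02:11Z user=alice action=login src=198.51.100.10",
    "2016-11-01T10:15:02Z user=alice action=transfer bytes=40000000 dst=share.example",
    "2016-11-01T10:20:45Z user=bob action=transfer bytes=60000000 dst=share.example",
    "2016-11-02T09:01:40Z user=alice action=login src=198.51.100.10",
    "2016-11-02T10:14:55Z user=alice action=transfer bytes=42000000 dst=share.example",
    "2016-11-03T08:58:03Z user=alice action=login src=198.51.100.10",
    "2016-11-03T10:16:21Z user=alice action=transfer bytes=39000000 dst=share.example",
    "2016-11-03T22:15:37Z user=dba_admin action=login src=198.51.100.20",
    "2016-11-04T09:03:19Z user=alice action=login src=198.51.100.10",
    "2016-11-04T10:13:08Z user=alice action=transfer bytes=41000000 dst=share.example",
    "2016-11-04T10:30:00Z user=dba_admin action=login src=198.51.100.20",
    "2016-11-05T02:31:12Z user=alice action=login src=203.0.113.7",
    "2016-11-05T02:40:09Z user=alice action=transfer bytes=2500000000 dst=203.0.113.7",
]

ADMIN_ACCOUNTS = {"root", "dba_admin"}   # assumed list of privileged accounts
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.+)$")


def parse_line(line):
    """Turn one log line into a dict; the 'ts' field becomes a datetime."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparseable log line: %r" % line)
    fields = dict(item.split("=", 1) for item in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def transfer_alerts(events, factor=5.0, floor_bytes=100_000_000):
    """Flag a user's day when transfer volume exceeds factor x the median of that
    user's prior days, and a floor so that tiny baselines do not alert."""
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.get("action") == "transfer":
            daily[e["user"]][e["ts"].date()] += int(e["bytes"])
    alerts = []
    for user, days in daily.items():
        ordered = sorted(days.items())
        for i, (day, total) in enumerate(ordered):
            prior = [t for _, t in ordered[:i]]
            if len(prior) < 3:
                continue            # not enough history to call anything unusual
            baseline = statistics.median(prior)
            if total > floor_bytes and total > factor * baseline:
                alerts.append((user, day.isoformat(), total, baseline))
    return alerts


def offhours_admin_logins(events, start_hour=8, end_hour=18):
    """Flag logins by privileged accounts outside business hours (UTC)."""
    return [
        (e["user"], e["ts"].isoformat())
        for e in events
        if e.get("action") == "login"
        and e["user"] in ADMIN_ACCOUNTS
        and not (start_hour <= e["ts"].hour < end_hour)
    ]


def new_source_logins(events):
    """Flag a login from an address this user has never logged in from before.
    Expects chronological events; a user's very first login sets no alert."""
    seen = defaultdict(set)
    alerts = []
    for e in events:
        if e.get("action") != "login":
            continue
        known = seen[e["user"]]
        if known and e["src"] not in known:
            alerts.append((e["user"], e["src"], e["ts"].isoformat()))
        known.add(e["src"])
    return alerts


def run_detections(lines):
    """Parse the lines once and run every check; returns {check: alerts}."""
    events = [parse_line(line) for line in lines]
    return {
        "transfer": transfer_alerts(events),
        "offhours_admin": offhours_admin_logins(events),
        "new_source": new_source_logins(events),
    }


if __name__ == "__main__":
    for name, alerts in run_detections(LOG_LINES).items():
        for alert in alerts:
            print(name, alert)
```

On the sample data the three checks converge on the same event: alice logs in at 02:31 from an address never seen before and then moves 2.5 GB, sixty times her median day, while the DBA account's 22:15 login is flagged separately. That convergence is what a verification procedure should be built around; a single off-hours login on its own is usually a phone call, not an incident.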
5. Be very aware of (and promptly address) the increasing (and evolving) need for mobile device security.
This is a big deal for organizations allowing remote access to organizational data on company servers or in the “cloud” (or remote access to an individual’s office computer), particularly over publicly shared networks (coffee shops, hotels, hospitals, etc.), and it’s especially true for organizations using “pay-by-app” or “pay-with-device” functions such as Apple Pay. This realm has expanded from laptops to highly capable smartphones and tablets, with dozens of new apps coming out every day and new devices and operating system versions released every 4-6 months.
For most organizations, mobile device security has become critically important. Every organization doing anything online needs to be keeping up with it now.
6. Lock down your website(s) and all other online marketing channels, both procedurally and technically, as far as is financially possible.
All online entities can get hacked: websites, email campaigns, social media accounts, e-commerce platforms. There are a variety of ways to keep them as secure as possible, ranging from simple processes (manual monitoring, applying system updates, backing up and testing restores, changing passwords) to redundant systems with strong encryption and automated detection, alert, reaction and lockout mechanisms. Each level has a corresponding price tag, so it’s important to assess cost, benefit and risk for your organization.
Technivista can help advise you on any and all six of these things. Please contact us.