In case you missed it, the US Department of Homeland Security (DHS) issued this urgent message:
“Our Nation’s critical infrastructure runs on the internet. The systems that enable us to live our daily lives—the electrical systems, financial institutions, transportation systems, and more—are all dependent upon a digital ecosystem. As cyber breaches continue to rise in frequency and scale, it is critical for all Americans to understand their role and take steps to protect our critical infrastructure.”
It’s never been more important for companies to build a better IT security framework that keeps both employee and business data safe while also ensuring cybersecurity awareness is at the top of workers’ minds. These five tips will get you on the right security path.
1. Take a workshop
As an IT professional, you’re not alone when it comes to protecting your business’s and colleagues’ data. You need to get everyone on board to create a secure workplace. The National Cyber Security Alliance (NCSA) often conducts workshops for businesses of all sizes to learn more secure online practices, and the National Institute of Standards and Technology (NIST) has a Cybersecurity Framework that anyone and everyone can understand readily available online.
2. Practice good hygiene
The DHS recommends instructing everyone with a device that connects to the internet and a network to take some basic security steps, like updating all security software, operating systems, and web browsers on all devices early and often. To further ensure that hardware everyone has access to—such as the copier and printer—isn’t attacked, it may help to invest in machines that provide real-time threat detection, automated monitoring, and built-in software validation. This is especially timely, as a new report from Cymulate, a company that exposes hidden vulnerabilities in security systems, finds that “drive-by” and “watering-hole” attacks delivering ransomware and other malware via unsecured internet browsing will rise in 2018.
3. Shore up the cloud
According to PwC’s, “The Global State of Information Security Survey 2017,” 63 percent of survey respondents reported running IT functions in the cloud, and a Verizon report indicated that 66 percent of malware that led to data breaches was linked to malicious email attachments. Several enterprise solutions have been developed, like secure access managers, to better consolidate registration, authentication, and account management.
4. Fake a hack
A new report by Gartner discusses the Hype Cycle, which is driven by persistent threats (Yahoo and Equifax breaches, anyone?) and the development of the tech that protects IT infrastructure, including networks and hosts. One way to keep up with these threats is to do breach and attack simulations (BAS) that use multi-vector simulated attacks. As Cymulate reports, “The ability to provide continuous testing at limited risk is the key advantage of BAS technologies, which are used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings, and prevention technologies are operating as intended.”
5. Ensure compliance with new regulations
Thanks to the high profile attacks in 2017, some of the innovations in security have come through new regulations. A new bill, the Cybersecurity Systems and Risks Reporting Act, was proposed to amend the Sarbanes-Oxley Act of 2002 “to protect investors by expanding the mandated internal controls reports and disclosures to include cybersecurity systems and risks of publicly traded companies.” On the state level, New York issued a new regulation that sets cybersecurity standards for banks, insurance companies, and other financial services organizations.
Remember, one of the most proactive measures you can take is to select hardware, software, and connected devices with built-in security features, like advanced threat detection and self-healing capability that will reduce the risk of exposure. It also helps to secure printers and routers, so they aren’t vulnerable to hackers. Taking these steps now can boost your company’s workforce cybersecurity awareness and help you build a better and more secure IT security framework in 2018.