2019 is half over, and cybercriminals are on the prowl. As internet, mobile, and IoT technologies become more pervasive, the vulnerable points that hackers can target have increased. Companies can’t simply patch these vulnerabilities and relax. Cybercrime is a constantly evolving threat, and your strategy needs to continually adapt to the latest dangers.
The first half of the year provided object lessons in how imminent these threats are. Since January, we’ve seen data privacy breaches at U.S. Customs and Border Protection and increasing incidents of ransomware targeting industrial firms. One of the most serious cybersecurity incidents of the year didn’t even require hackers. In May, it was revealed that First American, a real estate and title insurance firm, had 885 million customer financial records publicly available on its website.
Aside from violating customers’ trust, these events are costly — customer data has become a commodity in its own right. Although some breaches feel inevitable, best practices can limit the damage significantly. The New York Times reported that handling cybersecurity the right way — including encrypting data properly and employing a well-trained staff — can reduce the costs of a breach by 47%.
3 Steps to Fight Cybercrime Into Next Year
Cybersecurity is just one component of your data and technology mission. Providing an engaging user experience, empowering your employees, and complying with data regulations are also critical. But without robust security, all that is built on a house of cards.
If you want to be a cyber-savvy leader, learn from the first half of 2019 as you revamp your cybersecurity efforts.
1. Harden remote access.
When it comes to business technology, remote access is a blessing and a curse. It allows remote workers and vendors to access the systems they need to do their jobs, but it also opens the door to cybercriminals. In fact, 86% of executives think data is more at risk when employees work remotely. Fortunately, there are ways to reduce that risk. The key is having employees work on your secure network, no matter where they’re physically working.
One of your best options is to use virtual private networks (VPNs), which enable employees to stay off public networks. Another approach is to provide more personalized access through a privileged access management (PAM) solution rather than a VPN. A PAM system gives you more detailed or specific control. In comparison, a VPN is essentially all-or-nothing access for your team. For instance, a PAM solution makes it possible to cut off access for terminated employees or set up alerts and session tracking. Decide how many different levels of access you need internally to determine which of these two routes is best.
2. Prioritize IoT security.
As the IoT explodes, hackers are targeting these devices and their systems. It’s often too late to patch a device after a security vulnerability has been discovered. For that reason, Trend Micro is pitching in through its Zero Day Initiative, which provides a team of researchers to vet IoT devices submitted by manufacturers, to help companies get it right before IoT devices go to market. Efforts like this help ensure that the IoT devices you implement aren’t making it easier for hackers to access your systems and data.
To further harden IoT offerings, implement two-factor authentication for network access, in which an SMS code or another means is used to verify the device. As Heitor Faroni, director of solutions marketing for the Network Business Division at Alcatel-Lucent Enterprise, explains, “Many IoT devices are not designed with security in mind and consequently have little to no integrated security capabilities. The best way to minimize the risks is to take a multi-layer security approach. It starts at the user and device level, making sure that every user and device is recognized, authenticated, and authorized.” Two-factor authentication will help keep hackers off your network.
3. Surpass compliance standards.
Data privacy regulations, such as Europe’s General Data Protection Regulation (GDPR), are a step in the right direction for cybersecurity. Adhering to the letter of these laws — or even surpassing them — can go a long way toward fulfilling your mission. “Going above and beyond what the regulations require ensures that data is protected — and can be a powerful driver of performance,” says David Wagner, president and CEO of Zix, a leader in email security. “The key is to make the compliance part easy so that companies can focus on turning new regulations into opportunities to discover new strengths.”
Start by collecting information on your operations, documenting carefully how you process data and any vulnerabilities. Such a record is a requirement of the GDPR, so it’s both a smart idea and a necessary step. And separate your compliance and security teams. Sure, both teams are working toward the same end goal, but they’ll take different actions to work toward that goal. Your compliance team should focus on documentation to show that you’re following compliance regulations. Meanwhile, your security team should focus on any efforts that enhance the security of your company’s systems and private information.
To fend off ever-increasing cybersecurity threats, make sure your company applies the latest patches, fortifies its networks, takes IoT concerns seriously, and complies with all privacy regulations. Companies that fail to do so are courting disaster in the form of brand-damaging breaches, fines, lawsuits, and more. Fortunately, with the array of tools and knowledge available, it’s possible to make your operations much more secure.