Cybersecurity is on the way to becoming a $1 trillion industry.
With high-profile attacks on some of the world’s largest and most trusted brands making headlines throughout 2017, it is only a matter of time before cybersecurity truly takes the limelight when it comes to business infrastructure.
The $1 trillion figure is a projected estimate reported by Cybersecurity Ventures, which expects the industry to reach that mark by 2021. That’s an annual growth rate of between 12 and 15 percent.
However, as long as cybercrime pays, there will be people willing to do whatever it takes to get into your organization’s systems and steal, change, or corrupt all-important data.
But what can you do?
If hiring a major third-party cybersecurity firm is outside your capabilities, there are a few commonsense rules you can implement right now that will help you keep your business and its data more secure.
Implementing Cybersecurity Policy
Perhaps the greatest vulnerability that organizations, small businesses in particular, face is not having a cybersecurity policy in place. A simple vision with a set of rules and guidelines, implemented top-down from executives to management to employees, is a critical tool for developing a secure workplace.
Start crafting your company policy using the following five simple rules.
1. Perimeter Firewalls
Think about your organization’s points of contact with the outside world. These can include your company website, any user portal you use to communicate with customers or suppliers, and even email.
Each one of these points of access should be behind a firewall. Email and web access ports should be secure. If you don’t have someone on-hand who understands firewall management, you can hire a consultant specifically for this purpose. The first thing you want to do is protect your systems from external intrusion.
2. Implement a Least-Privilege Policy
Imagine the accounting department hires a new employee who needs access to sensitive customer data in order to work. When that employee’s supervisor assigns permissions to that employee’s account, how are those access privileges arranged?
In a system with a least-privilege policy, new user accounts start out with no permissions. An administrator account manually adds specific access privileges to each new account. This may seem like extra work, but if new user accounts have automatic permissions, cybercriminals who figure out how to make accounts can instantly gain access to all kinds of sensitive data and then wriggle their way deeper into your system architecture from there.
3. Default Encryption
There is simply no excuse for holding customer data in plaintext format. User accounts, passwords, email addresses, phone numbers – everything should be encrypted by default.
You may not have the resources to implement military-grade encryption throughout your entire IT network, but you can definitely hide customer data from prying eyes. Keep in mind that if your system is breached, encryption is the last line of defense – for the most cost-effective results, ask your IT administrator to hash and salt your customer data.
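As an added example (not part of the original article), here is one way an administrator might hash and salt stored passwords using only Python's standard library. Salted hashing is one-way, so it suits passwords; fields that must be read back, such as email addresses and phone numbers, need reversible encryption instead. The record format, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """Weak baseline for contrast: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Return a storable record: algorithm$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt; reject malformed records (fail closed)."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256" or not 0 < rounds <= 10_000_000:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share one password.
    shared = "correct horse battery staple"
    print(unsalted_sha256(shared) == unsalted_sha256(shared))  # unsalted hashes collide
    alice, bob = hash_password(shared), hash_password(shared)
    print(alice != bob)  # per-password salts make the stored records differ
    print(verify_password(shared, alice), verify_password("guess", alice))
```

Because every record carries its own salt, a breach of the table does not reveal which accounts share a password, and an attacker cannot reuse one precomputed lookup table against all of them.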
4. Stay Up to Date
Just as there is no excuse for leaving customer data in plaintext format, there is no excuse for using obsolete system architecture. Yes, everyone loathes having to take time out of their day so that the newest software updates can install themselves, but these updates provide protection against new cyberattacks.
These updates typically monitor application behavior rather than trying to recognize new malware by code. An updated application that starts acting strangely can shut itself down, preventing a novel attack. Make sure your operating systems and anti-malware solutions are always up to date.
5. Develop a Workplace Security Culture
Even the best passwords and the heaviest encryption are no match for social engineering tactics used by the cleverest cybercriminals. A common trick social engineers use is impersonating executives and using their authority to get access privileges from entry-level employees – in some cases, all this takes is a LinkedIn account and a fake email address.
The only way to protect yourself against this type of attack is by instituting a culture of workplace security. Let employees know that if they unexpectedly get a call from the CEO asking for sensitive data, they have the right to be suspicious. Ultimately, bothering a supervisor for 30 seconds could save millions of dollars’ worth of data.
Where to Go from Here
This is by no means a comprehensive cybersecurity policy. It is just a starting point from which you should be able to take your particular business and workflow needs into consideration.
Beyond this, you’ll need to come up with a business continuity solution, and plan for crisis contingencies as well. With a bit of forethought, you can quickly protect yourself against the most immediate cybersecurity threats out there.
Trust Donnellon McCarthy Enterprises to develop and implement a business continuity plan that protects you from the world’s greatest cybersecurity threats. Talk to one of our consultants today!