ITSP Magazine called IT security in 2018 a “dumpster fire,” and we agree. From Russian state-sponsored hackers infiltrating the U.S. power grid, to ransomware continuing its ugly rampage, to programmer snafus that left millions of personal records exposed, it’s clear that cyberterrorism is alive and well. Are the black hats about to dismember white hat defenses? Here are the top five IT security risks and ramp-ups that any company should apply in 2019 to avoid becoming a task on a hacker’s must-do list.
5 internal IT weaknesses and 5 fast fixes
American businesses need to shore up their IT defenses fast, to stay ahead of the hacker curve. Cisco says 31% of organizations have experienced an attack on their technology infrastructures and that number will rise this year. What are the internal weaknesses that technology leadership teams should focus on?
1. Email — An employee or consumer mouse click triggers 93% of all malware. Hackers understand that hiding viruses within emails cleverly disguised as legitimate correspondence will likely snare an unsuspecting end user, opening the door into your network. Solution: Create a culture of cybersecurity by training and regularly testing end-user weakness along with infrastructure vulnerabilities.
2. Regular data backups — What’s the biggest threat to ransomware hackers? An IT team that conducts regular backups of network systems and workstations. While this is a simple best practice, the Disaster Recovery Journal says the majority of these efforts are incomplete, missing the capture and storage of critical data and workflows. Solution: Create backup redundancy in the cloud and on-premises and use automated tools that encrypt data transmission and storage.
3. BYOD and apps — End users accessing your network with their personal digital devices make for murky security waters. The operating systems on smartphones and other devices have a lot of functionality — and a lot of vulnerability. Solution: Apply basic controls, including data containers and sandboxed apps — along with document encryption — to mitigate risk.
4. Two-factor authentication — The theft of corporate security credentials is a huge and growing problem. Setting up two- factor or multi-factor authentication, which sends a security code to a secondary end-user device, is imperative. Solution: In addition to using a password manager, turn on two-factor authentication to immediately improve corporate security.
5. A lack of planning — Planning for a breach is as important as working to prevent one. If you’re not conducting regular vulnerability assessments, you’re at risk. Solution: Create an overarching written security document and then plan to fail by conducting regular cybersecurity risk assessments to improve upon the plan.
The first step toward fixing any problem is to understand it. That’s why companies of all sizes should invest regularly in an external assessment of how their IT security can be improved.
Augment your security with an outsourced resource
To protect your company in 2019 you must create a culture of continuous security improvement. The next step in your 2019 cybersecurity ramp-up should be a cybersecurity risk assessment to include:
- A review of written IT policies and procedures focusing on limits and permissions, password policies, and security
questions - A review of hardware and BYOD practices
- Analysis of software, including apps that allow “risky permissions,” or access to end-user contacts and other data
- A review of breach protocols emphasizing endpoint security detection and response features along with managed detection and response services
- Staff training to include testing and planning for communications during a cybersecurity incident
- A cybersecurity incident response plan targeting breach mitigation
Cybersecurity attacks damage your brand and customer trust. The first step toward shoring up your data security requires a robust infrastructure review and creation of an adaptable, effective incident response plan. Don’t be a statistic. Contact SecureNation for a 2019 cybersecurity evaluation to mitigate your risk.