October is Cyber Security Awareness Month. In a year of breaches, each one seeming bigger than the last, maybe every month should be Cyber Security Awareness Month. Given the explosion of devices that connect to the Internet of Things, and a pervasive culture of BYOD (Bring Your Own Device), we have an ongoing problem with Shadow IT and Shadow Data. Things get plugged in that shouldn’t; data gets handled and exposed that shouldn’t. Despite a plethora of technology and options, there is no one simple solution for keeping our systems and online information secure.
The fact is, security is a process and an ongoing commitment. It only works when everyone understands the need and buys in. I was invited by the fine folks at Tripwire to contribute some suggestions to their piece “3 Tips on How to Create a Cyber Security Culture at Work”. Here are some of my recommendations to lay in place the keystones to your Fortress Security, and build around them:
1) Passwords: These really are the keys to your kingdom. Have a good password policy in place; teach staff how and why to use it; and do routine checks to make sure it is being followed.
2) Patches: It is crucial for businesses of every size to have a patch update program in place, to ensure that all software and systems are updated regularly, and to be ready to implement emergency fixes as those come out.
3) Get a baseline in place: While you cannot expect to catch everything, if you know what your norm is, then you have an advantage when something deviates, and you can respond decisively. That’s security in action.
4) Limit and enforce access: Not everyone needs access to everything, all the time. The fact is, the more exposure your data has, the more at risk it is. You can, and you must, put rules in place that allow most users access to only what they need. It’s good to require users to request permission, because that enforces the necessary system of checks and balances that underpins good security.
5) Inventory and monitor: Know what you have, tag it, track it, and update your records as things get added to or removed from the system. This will help ensure you know what your baseline is for monitoring purposes. It is also a critical component of controlling the BYOD culture that is rife with risk.
But wait – there’s more! With a solid foundation in place, you also need to have these:
Insurance: Be warned: your current insurance policy probably does not cover cyber liability. Time to consider if your policy lines up with the services you offer. For example, in Canada you need to have Errors and Omissions in place. No, it isn’t cheap, but it is compared to the cost of a data breach. And, your coverage needs to be in place at the time of the incident. According to a recent survey by KPMG, “74 percent of businesses do not have any sort of cyber security liability insurance. Of those that did, only 48 percent believed their coverage would cover the actual cost of a breach.” It’s an evolving field with a lot of growth in a short time. According to Canadian Underwriter Daily, $445 billion and $20 billion in growth. Chris Case, a specialist in Cyber liability insurance with Dan Lawrie Insurance Brokers, describes the current status:
“It’s a growing space, but it’s a tricky space. It’s a moving target. So far, we’ve been lucky, not good.”
Disaster Recovery Plan and Business Continuity: I’ve said it before and I’ll say it again. You’ve got to have a plan. Bad stuff happens to good businesses. Invest the time and effort now to put together a plan so that when Mother Nature intervenes with torrential rains, your reputation and clients’ expectations don’t get washed away. The same holds true of ransomware or data breaches. If you can’t access
Thanks for reading and hope we helped!
Cheryl Biswas, Editor