So much of what businesses do is in the digital realm — from billing to brainstorming to delivering healthcare to providing services to employees and customers. While the efficiency and productivity advantages are undeniable, the digital revolution has ushered in a wave of new threats to cybersecurity.
In response, the U.S. Department of Homeland Security and the National Cyber Security Alliance founded National Cyber Security Awareness Month (NCSAM). Now in its thirteenth year, this month marks an opportunity for businesses to assess their security and identify what needs improvement. At Resilient, we’ve highlighted six areas for businesses to review.
1. Threats
Knowing the network threats that make your business vulnerable is the first step to overcoming them. The FBI warns of two major threats to enterprises: network intrusion and ransomware. Both are disruptive and costly; the FBI estimates billions of dollars a year are lost to these attacks, which pose an especially formidable threat to hospitals and emergency response services.
2. Employees
Week 2 of NCSAM focuses on what is perhaps the weakest link in a network’s security: the intentional and unintentional online missteps of employees. NCSAM recommends teaching best practices for good cyber hygiene, starting with smart password use. Rule #1 is to update passwords regularly and make them memorable and hard to unscramble. Employees should also be taught to avoid clicking on suspicious files or links in emails or on websites.
3. PII
Data in transit is always at risk of interception or modification, especially highly valuable personally identifiable information (PII) such as what’s stored and shared in electronic medical records at healthcare organizations. If your business stores or shares PII, you need to deploy SSL data encryption to protect it.
4. Mobile Device Security
Employees now basically live on their devices, and each and every device is a potential attack vector. Businesses need to take this into account when developing mobile device security protocols and requirements for employees who use mobile devices for work both in and out of the office. Clear, enforceable guidelines on authorized and unauthorized apps and social media sites, along with procedures for reporting lost or stolen devices, combine with robust monitoring to mitigate overall risk.
5. Data Storage and Backup
Stored data without proper firewalls, encryption and endpoint security stands at high risk of falling victim to cyber threats. You need an integrated platform of tools to ensure a dynamic level of protection at every level. Back up data regularly and often, and consider secure, offline storage for archived and backed-up data. For irreplaceable online data, use media that can’t be overwritten.
6. Cybersecurity Infrastructure
Every organization has unique security challenges and requirements that change with advances in technology and the threat environment. As your requirements and challenges evolve, so must your cybersecurity infrastructure.
That’s where the value of a cyber threat assessment comes in. A cyber threat assessment, like the free online program from our partner, Fortinet, evaluates where your vulnerabilities lie, along with network bandwidth utilization and application visibility, among other factors, and determines their impact on security and performance. In doing so, it helps to target your cybersecurity to the latest threats and deliver the most protection to your highest priority assets, or “crown jewels.”
A partner of Fortinet, Resilient can recommend and deliver best-in-class cybersecurity solutions based on the results of a cyber threat assessment. Contact us to learn more.