Cyber attacks are not only a reality of life but also a constant concern for schools (Read 7 Steps to Prevent, Detect & Mitigate Data Loss in K-12). Last year, CBS reported a statistic from a study indicating that 1.5 million cyber attacks occur every year. That comes down to three breaches every 60 seconds, 24/7.
A 2016 Cyberedge report shows that cyber attacks against businesses continued their upward climb between 2015 and 2016, with the number of organizations victimized by at least one successful attack rising to 75.6% from 70.5%.
Focus On Cybersecurity Basics
Amidst the onslaught of cyber threats, countless articles and whitepapers have emerged with tips for protecting the IT infrastructure. But with so much information out there, deciding which way to go can get confusing.
To stay focused, we recommend building a cybersecurity platform around the basics, which our partner, Fortinet (a global cybersecurity technology solutions provider), refers to as the ‘4 T’s’ of effective cybersecurity.
1. Timeliness
Cybersecurity is not a ‘set-it-once-and-forget-it’ exercise. Once you install the latest updates and patches, it’s only a matter of time before hackers develop a new zero-day attack to exploit a new network vulnerability. A patch for that vulnerability is installed, and you’re safe until the next new zero-day; the process repeats indefinitely. Effective security hinges on ensuring all security hardware and software are up-to-date with the latest antimalware signatures and patches.
2. Training
Your staff may very well be your greatest security liability — unknowingly putting your infrastructure at risk by not following best IT security practices. Through periodic cybersecurity training and awareness programs, you need to educate your workforce on security policies and best practices.
Teach employees the business value of using strong passwords, not transferring data back-and-forth between work and personal devices, and how to recognize and avoid phishing emails and potentially dangerous applications. Make sure they understand the penalties for not complying.
Check out all of our articles on Employee IT Policy Best Practices>>
3. Technology
Having the latest technology entails far more than deploying the latest firewall and anti-malware scanner. Even with these measures in place; visibility, efficiency and vulnerability problems arise when they’re installed as separate, 'siloed' tools — each with their own management interface and ineffective at sharing threat information with other solutions.
Successful security approaches tie together best-of-breed technologies like firewalls, secure access appliances, advanced threat protection frameworks and big data-driven threat intelligence on a single, cohesive platform that can be managed centrally and enables tools to interoperate seamlessly.
4. Testing
Test your network regularly — not only to ensure it meets compliance standards; but also to ensure it can stand up the latest threats. Among the many tests out there, we recommend:
-
Network Vulnerability Scans – to detect holes in your infrastructure that serve as potential entry points for hackers, ensure patches are up to date and configured accurately, and provide reports with severity ratings for detected vulnerabilities.
-
Application Vulnerability Scans – to scout for undocumented vulnerabilities in custom applications.
-
Penetration Testing – by ‘white hat’ or ethical hackers with the skill to uncover holes that traditional scanners often miss.
Read Beyond the Firewall: Layered Security Is Your Best Defense>>
Come Up To Speed On Cybersecurity
Questions? A partner of Fortinet and provider of IT security solutions and expertise to organizations large and small, ResilientIQ is well schooled in the ‘4 T’s’ and can bring you up to speed. Contact us to learn more.
Is it time to analyze the security of your network and employee activity within it? Read 4 Reasons You Should Conduct a Cyber Threat Assessment>>