Dubbed “the year of the data breach” by the media, 2014 saw an alarming rise in cyber security breaches for organizations. The most concerning part: 90% of those security breaches could have been prevented.
The fact that nearly 90% of these security breaches were preventable should get the attention of every C-Suite and board regardless of industry or geography. To help you start on the right foot, here are 5 essential cyber security tips to prepare you for this year:
1. Don’t underestimate cyber criminals.
Organizations of all sizes and security levels are vulnerable to attack as cyber criminals grow more sophisticated, collaborating with each other to cause disruption for money, attention, activism, etc. It’s important to work with all levels of your staff to educate them in cyber security best practices for your organization.
2. Your data privacy and protection need to be a priority.
Expect increasing global regulations to safeguard Personally Identifiable Information (PII) and penalties for any organization that fails to do so. Companies need to have a protocol for how they safeguard this information and use due diligence to ensure vendors, suppliers, and other third parties adhere to comparable protocols.
3. Watch out for security threats from third parties.
Target was hacked via a web services application that the company's HVAC vendor used to submit invoices. It’s a critical time to review your third-party providers, identify the information that may be at risk, and exercise some due diligence to identify and address security risks within those services.
4. Your personal devices are a big vulnerability at work.
For better or worse, there’s no turning back the tide on employees bringing their own devices to work. With both internal and external threats, it’s best to be practical and figure out a feasible security plan for personal devices that can be uniformly implemented. Consider creating management procedures or requirements for devices to avoid software vulnerabilities that might lead to external manipulation of those devices.
5. Training is essential to your company’s defense against cybercrime.
Ask any security professional and she’ll tell you the same thing: your people are your greatest risk and weakest link. If you haven’t already done so, 2015 is the year to invest in high-quality information security training, preferably with a social component to help drive engagement and increase awareness of the risks.
As we continue to amass increasing amounts of valuable personal data online, cybercrime will continue to stick around (and evolve). Legislation and law enforcement are working to catch up, but the best defense against cybercrime is self-defense. Raising awareness among staff, creating specific cyber security protocols, and investing in quality information security training are the best defenses against cybercrime.