No business would leave the office front door unguarded, but when it comes to access to their most valuable or sensitive information the door is often left wide open. It makes no sense, says Joe Jouhal, our CEO here at Avatu, especially as there are new tools and techniques that will help slam the door shut.
A while back, a chain of Yorkshire tea shops found themselves in the spotlight because someone stole all their customers’ information.
It’s hard to think of a more unlikely target for a hack. But it happened. And Bettys had to apologise to all its customers, review its information security and no doubt spend many thousands of pounds trying to put things right.
A few months ago, the cyber hacking finger of fate pointed at TalkTalk. Before that, the high-profile hack was the US federal government’s HR department; and a while back, the name on all information security lips was Sony... and Target... and eBay... and Home Depot... and JPMorgan Chase.
When it comes to information security, there is no typical victim. Anyone and everyone has the potential to enter the firing line.
Next week it could be you.
How to protect yourself: start with your crown jewels
Companies today have an overflowing amount of information and multiple routes in to reach it. For many, the challenge is where to start. And our answer is always: begin with your crown jewels.
Step one is to decide what your company’s crown jewels look like. What information constitutes the lifeblood of your business? What is secret, sensitive or potentially damaging?
Step two is to find it, all of it (which is trickier than you might think for many companies).
Step three is to decide on which layers are needed to keep it safe.
Multiple devices can be the weak point in your security. And your people will always be a potential weakness, which you'll have to look at again and again, and prepare for when they get it wrong.
There is no single policy or piece of technology that will provide total protection, and a layered approach is recommended to businesses by the government’s cyber and information security advisers at GCHQ.
In this unnerving and threatening landscape, we need good old-fashioned perimeter prevention. But we need added layers of protection, detection, mitigation and a plan in place to put things right when they go wrong, too.
Seven activities to help protect your crown jewels
1. Make detection part of your strategy
Many organisations have already been breached; they just don’t know it yet. And the longer a threat sits within your systems, the more potential there is for damage (as Sony can testify). Detection can be a more expensive option. But if you can’t afford to take the risk, it’s a step you need to take. Detection systems will give you the reassurance that anything that does get through will be dealt with as quickly and efficiently as possible, before it can do unimaginable and devastating damage.
2. Know where your sensitive data is (and protect it)
Many organisations don’t know where their most sensitive data is held or who has access to it. This increases the risk, and doesn’t allow for proper risk assessment or threat mitigation. New data protection legislation (GDPR) will also mean organisations need to understand - and protect - their data better or potentially face massive fines of up to 4% of their global turnover. Innovative information governance technology can help with this situation, however.
3. Look after your data when it’s inside, and outside, your organisation
Today, in our interconnected world, our data often has to be shared with people outside our systems. Don’t make it easy for hackers and thieves to steal and share it. Information rights management can allow you total control of your data whether inside or outside your organisation.
4. Review and limit access arrangements
Removing admin rights can mitigate 97 per cent of Microsoft vulnerabilities.
5. Protect the endpoint
Access to company data through multiple devices can be a weak point in your security plan. Introducing new technology – which is already used by many banks, government agencies, aerospace companies and Formula 1 teams – will keep your devices secure but still easy to use.
6. Revisit your email protection (there are new, very cost-effective products which can vastly improve the security of this vital communications route)
Up to 94% of malware and ransomware finds its way onto computers and systems through email attachments. Our partners have technology that removes all the risky stuff from email attachments but doesn't change any of the content.
7. Look seriously at insurance
Insurance will lessen the impact financially and will help mitigate cyber risks. It will give a financial cushion to help you deal with the fallout of an attack and encourage best, risk-limiting practices.
This article first appeared in the New Statesman.