Anybody in the information technology industry can attest to the importance of cybersecurity, as underlined by high-profile security breaches at large organizations such as Target, Anthem, the U.S. government and many more over the past 18 months. Even well-known technology brands like Apple Pay are experiencing fraud issues. All this reminds us of the need to be vigilant with regard to data security. These types of breaches are projected to become more common in the years ahead, as there were more security breaches in 2014 than in any previous year.
With these facts in mind, we were interested to read a new white paper from Global Knowledge Training titled “10 Ways Everyone Should Approach Cybersecurity in 2015” that was penned by Global Knowledge instructor James Michael Stewart. It’s a terrific read in which Stewart offers up one piece of sage advice after another to help businesses stay ahead of hacks and attacks in the future. Here are some of the highlights among the 10 lessons he brings forth:
Be wary of email – Email is not private; in fact, it’s far from it, especially if you are using a public Internet account like Google, Microsoft or Yahoo. An HTTPS (SSL/TLS-encrypted) connection provides protection when reading or accessing your messages, but not when sending or receiving them. Stewart advises “minimizing the transmission of information across email that could cause you problems (or heartache) if it was intercepted in transit,” and to “seek out a more secure form of information transference, such as encrypted file exchange, text chat, or video conferencing” for those items of significant importance. He also suggests you start using an email encryption utility yourself, such as S/MIME, PGP, GPG, or OpenPGP.
All networks are vulnerable – It’s impossible to construct a fully secure network. They all have vulnerabilities. Stewart recommends being cautious about relying on relatively unproven technology to store sensitive information, and he outlines how essential it is to have reliable backups, advising that “you should have three copies of your data—the original and two backups.”
Just because a company is big doesn’t mean it’s secure – Large companies often have priorities that run counter to their customers’ best interests. In short: they don’t always offer the best security to their customers. Think twice about putting private, sensitive, or valuable information anywhere online without proper security measures in place. Always set your account information to private when that option is made available.
Networks should be segmented – Although setting up a private network as one internal group is easier to manage and more convenient for users, it is also a security risk. Stewart advises companies “to reconsider their network deployment. Segmentation or compartmentalization is key to limiting damage and access once malware has gained a foothold or when a remote access Trojan has allowed a remote hacker into your organization.”
Pay attention to security alerts – There will always be false alarms, but assuming every security alert you receive from your products is false is a huge mistake that can have serious consequences. Case in point: The attack on Target set off alerts and could have been prevented or at least seriously reduced if the officers who received them had only acted accordingly. It’s a best practice to investigate every alert you receive.
Protecting your sensitive data is an important topic. In addition to these sound tips, we also recommend that companies not overlook the contribution that can be made by:
- Stringent employee hiring practices
- Effective business controls
- Well-thought-out and well-executed third-party reviews of your business environment and technology infrastructure
If you have questions about data security as it relates to SaaS or cloud-based computing, please contact us at info@DataServ.com.