Despite growing innovations to combat cybercrime, there is a consensus amongst most security professionals that it is not a matter of if you get breached – it’s a matter of when. If you are the kind of business leader who thinks of cybercrime having an endpoint, you are wrong. Defeating cybercrime is a continuing process and will be for the foreseeable future. In this article, I’ve listed five cyber security best practices for you to consider.
This is unlikely the first time you’ve stumbled upon a cyber security best practices list before, but I wanted this list to address the most recent evolution in cybercrime.
I’m talking about the evolution of ransomware from traditional to new applications, the cyber security implications to the increase in remote workers, the consumer privacy implications in the face of new regulation and the growing emergence of machine learning and other technological innovations.
The importance of creating a cyber security culture
At the moment, workplaces are changing drastically, we are seeing a rise in things like people wanting to work from home or use employee-owned devices within a business (BYOD). Traditional security measures often prove ineffective in protecting data on these endpoints.
Like it not, technology is changing the way people work, instead of imposing arbitrary restrictions on new devices and risk forcing employees to work around the IT department. It would make sense to think how you can cope with change.
>See also: Why businesses should foster a culture of security
A modern security culture should adapt to this and liberate workers to work the way they want.
A good way to liberate is to educate. CIOs and IT leaders need to make sure that all employees across an organisation are aware of the potential threats that they could face, whether it’s a phishing email, sharing passwords or using an insecure network.
One little meeting is not going to cut it, cyber attacks come in a variety of forms and are evolving constantly, everyone needs to be kept up to date on what to look out for.
A strong security culture must also define how security influences the products and services that the business provides.
Plan for “Bring your own device” (BYOD)
On the point of the proliferation of remote workers and people working on their own devices, beyond education, other security measures need to be put in place.
We only have to think back to the last US election to understand the dangers of downloading or sharing sensitive data on insecure servers.
>See also: Is BYOD the biggest data blind spot?
People responsible for security need to ensure they have a layered approach which incorporates a number of elements such as device authentication, data encryption and the ability to remotely wipe data if a device is lost or stolen.
Protecting endpoints
Beyond keeping up with the rise in BYOD, it is important that we don’t focus solely on new endpoints, as more traditional endpoints are constantly opening up to new risks.
Earlier this year, a study by Ivanti, showed that only one-third of businesses have full visibility into their IT environment (physical, virtual, online, offline, etc.). And while almost half (46%) have partial visibility, 18% have no visibility or reporting capabilities at all.
Considering the scale of hacking we saw in 2017, this is surprising and shows how vulnerable we still are.
Gartner’s Customer Choice Awards from 2017 will give you a good introduction to the endpoint security vendor space. Gartner also offers links which will allow you to make comparisons.
Backup data to reduce damage from ransomware attacks
We are seeing an increase in data and an increase in our reliance on that data. We are also seeing an increase in sophisticated attacks on that data.
>See also: ‘Back it up’ should be a business battle cry
Trying to stop attacks on your data is one thing, another key thing to do is reevaluate your backup management.
It is also worth asking if your backup is safe, as cyber attackers can target these as well.
Among a lot of organisations, this is often overlooked. Backups don’t generally contribute to revenue generation. However, ignoring backup and documentation can cost a corporation millions.
Emerging tech for cyber security
The bad news is that threats will continue to evolve, the good news is so will the ways we combat them.
Being inquisitive and open will serve you well in this case, as being able to adopt the latest and best-of-breed innovations will be the only way to survive.
>See also: Will blockchain solve the cyber security skills crisis?
This is not without difficulty, as you’ll need to separate genuine innovation from misleading marketing.
However, new solutions are arriving and they are very exciting to learn about.
I am particularly fascinated about the possibilities blockchain may offer to fix the skills gap in cyber security, by way of creating a decentralised marketplace where hackers can make money building anti-malware engines instead of causing harm.