The Business Side of Cybersecurity

Financial liability can do significant damage to a business as the result of a cyberattack, but there exist steps that can be taken to protect against inherent vulnerabilities.

Much has been written about the consequences of opening an email that appears legitimate but in fact carries malware, exposing a company’s network to attack. Beyond the immediate damage to a compromised network, the financial repercussions are many when sensitive customer information is breached, opening the door to widespread identity theft. Financial liability can do significant damage to a business as the result of a cyberattack, but there exist steps that can be taken to protect against inherent vulnerabilities.

It is important that current patches are applied to all servers and personal computers. A patch is typically a set of changes to a computer’s operating system or programs, designed to update, fix or improve security vulnerabilities and other bugs. Since a patch’s primary job is to repair issues or fix security flaws, these updates should be mandatory.

Another “must do” preventive measure is keeping antivirus software up to date. Typically, these updates are pushed out without the knowledge or input of the user. That is the good news! Unfortunately, we have seen situations where a user is able to turn off virus protection and decides to do so. This is a “no-no.” Make sure the antivirus software is on and that updates occur on a regular basis.

It may be one of those “goes without saying” measures, but strong and complex passwords are an important component of thwarting hackers. A 12-character password, changed every 180-plus days, is best. The 12 characters should not include a straightforward dictionary word but rather a random mix of letters and symbols.
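The password rules above can be enforced mechanically before a new password is accepted. The following is an added example written for this article, not code from the original page or from blumshapiro: it checks the stated policy (at least 12 characters, a mix of letters and symbols, not built around a dictionary word) and reports every violation it finds. The `COMMON_WORDS` set is a small constructed stand-in for a real wordlist, which a deployment would load from a file.

```python
import string

# Constructed stand-in for a dictionary wordlist (assumption: a real deployment
# loads a full list of words and previously breached passwords from a file).
COMMON_WORDS = {"password", "welcome", "company", "security", "football", "summer"}

MIN_LENGTH = 12  # the article's recommended minimum


def password_issues(candidate: str, min_length: int = MIN_LENGTH) -> list[str]:
    """Return the policy violations found in `candidate`; an empty list means it passes."""
    issues = []

    if len(candidate) < min_length:
        issues.append(f"shorter than {min_length} characters")

    # The article asks for a random mix of letters and symbols, so both must be present.
    if not any(c.isalpha() for c in candidate):
        issues.append("contains no letters")
    if not any(c in string.punctuation for c in candidate):
        issues.append("contains no symbols")

    # Reject passwords that merely decorate a dictionary word with digits or symbols,
    # e.g. "Password123!!!" still contains "password".
    lowered = candidate.lower()
    if any(word in lowered for word in COMMON_WORDS):
        issues.append("built around a dictionary word")

    return issues


def is_acceptable(candidate: str) -> bool:
    """Convenience wrapper for sign-up and password-change forms."""
    return not password_issues(candidate)


if __name__ == "__main__":
    # Constructed sample inputs showing a passing value and the common failure modes.
    for sample in ("Tr7#qLp9$vWz", "Password123!!!", "abcdefghijkl", "Ab$1"):
        print(f"{sample!r}: {password_issues(sample) or 'OK'}")
```

Because the function returns the full list of violations rather than a single boolean, a form can tell the user exactly which rule was missed, which reduces the temptation to work around the policy with a minimally changed password.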

Also, make sure that the default user ID and password of any third-party device that connects to your network, for example a wireless router, is changed. Anecdotally, an IT assessment performed recently resulted in a grade of “F-” for a physical security system responsible for securing and locking doors and operating security cameras. The vendor that implemented the device never changed the default user ID and password within the security system. As a result, we were able to access the system externally, open and close doors and move cameras around.

Be aware of other vendor access to your network; third-party access for HVAC, VoIP and similar systems is often granted without thought to the possibility of security violations. Word to the wise: find out what the vendors’ security protocols are, and limit when and how the vendor(s) can access your network.

The importance of employees knowing their role in securing both their own and the company’s information cannot be overstated, as there has been a sharp rise in phishing and spear-phishing attacks. Hackers send a personalized email that appears to come from a trusted co-worker or known business entity, with the ultimate goal of stealing sensitive or confidential information. Train employees to “trust but verify” email.

This brings up another important point: with the frequency of cyberattacks, have an incident response plan in place. Many organizations have a head-in-the-sand attitude, believing a cyberattack will never happen to them, but in fact all businesses need to prepare for the worst. Incident response planning and upfront training are a must if an organization is to deal proactively with a security breach.

In order to best protect your organization against a cyberattack, you need to know your security weaknesses. A professional assessment can identify immediate risks in many categories, including:

  • Network and application access
  • Perimeter technology
  • Wireless communication
  • Endpoint security controls
  • Security posture
  • Network design and segregation
  • Network share resource access
  • Backup recovery capability
  • Email protection
  • Remote access technology
  • Personnel cyber readiness

blumshapiro offers a wide range of services to assess an organization’s cybersecurity approach to mitigate risk; our cybersecurity and risk assessment consultants have years of experience providing solutions to organizations at all stages, across multiple industries. We also offer cybersecurity awareness trainings to ensure your organization’s employees are aware of their role in protecting information assets.
