Information Security 101: Has Your Organization Taken These Basic Steps?
Remember when information security was a boring topic that no one cared about except for a few back office IT guys? No mainstream media outlets were interested in stories about it and consumers never thought twice about using their credit card for online transactions.
The world is a different place today. Hacking has emerged as a profession. Data breaches are front-page news, and consumers are factoring privacy and data security into their buying decisions. Today, the risk of a breach is higher and the consequences are more significant. From fines, lawsuits, and loss of consumer confidence to the expense and productivity drains associated with restoring a compromised system, there is a real price to pay for an organization that is hacked. In 2013 the total cost of cybercrime to the world economy was estimated at half a trillion dollars. That's no small change.
The good news is that there are some basic steps your organization can be taking to greatly reduce your risk of a data breach.
Basic Steps to Security
It’s a PICNIC: This clever acronym, which stands for Problem In Chair, Not In Computer, does a good job of summarizing the biggest threat to your organization – the human factor. Your company’s compromise is likely to start with a human error, whether it’s a clicked link, an opened attachment or the disclosure of sensitive information. To try to stay ahead of the game, set up a solid employee awareness training program, reinforce good behavior and test, test, test.
Audit and Test: It is actually not too complicated to get a reasonably small network to a secure state. Audit the security policies, practices, and settings on the devices and systems; set them to security best practices or any values required by industry regulations. Test your network for the presence of vulnerabilities and misconfigurations. With modern tools, you can have your knowledgeable IT staff do this, or hire a specialist.
Monitor and Detect: It is impossible to be 100% secure, no matter how hard you try. You need to augment your preventive security measures with a process that detects and notifies you of a potential compromise. A timely response can drastically limit the impact of the breach.
Consider Outsourcing: The reality is that most small and mid-size organizations do not have the necessary resources to deal with the challenges outlined above. Managed Security Services Providers (MSSPs) cater to a broad base of organizations and are able to provide better, more cost-effective security than their clients could on their own. Many organizations are now outsourcing security alone, or even IT operations management together with security, and enjoying the efficiencies, cost savings and peace of mind that these providers offer.
As the sophistication and volume of attacks continue to increase, it’s important to make sure information security stays front and center on your business agenda. By implementing and following the practices outlined above, you will reduce your risk of a breach and be in a better position to respond should a breach occur.
The Winxnet Security Team provides information security services to customers throughout the Eastern United States. Led by Eugene Slobodzian, PhD, CISSP, the team has over 15 years of experience helping organizations keep their information safe. Winxnet security offerings include Managed Security Services, Penetration Testing, Vulnerability Management, Social Engineering Tests, IT Risk Assessments, and Virtual Security Officer consulting.