Cybersecurity: 3 Steps to Safeguard Your Business

By: Scott Kost

Following Target's security breach -- one of the largest and most public data breaches in history -- and now with the recently discovered Heartbleed vulnerability in OpenSSL ,which is used by nearly every website in the world to encrypt information and secure e-commerce transaction details, more people are looking at cybersecurity and protecting their data in an increasingly urgent light.

There is a very real possibility that consumers' sensitive information - passwords, debit and credit cards, stored files, and personal information, even Social Security numbers - can be compromised. As such, it is imperative that businesses prepare and protect themselves against this type of attack. Hacking is a $113B global industry annually, according to Symantec's 2013 Norton Report, and the cost of your business' computer network being vulnerable to these financially motivated cyber-thieves can be devastating. Heartbleed's revealed vulnerability has left websites of all sizes reeling to update their software at the potential cost of thousands of users; Target shares have hit a 52-week low since the attack, causing the company to reduce its quarterly earnings forecast.

To help protect your company against cybercrime, we've identified three key action steps you can take:

Be Proactive and Establish a Contingency Plan

In the occurrence of a breach, businesses must be able to rapidly identify the issue and assess the damage while rolling out next steps to prevent further penetration into their valuable data. Consider if your business was located in Tornado Alley; you wouldn't wait until a cyclone was rolling through town to define your emergency plan, so don't do the same with your cybersecurity. Develop a contingency plan that explains how your company will take steps to detect, analyze and communicate any potential data breach.
 

Test and Secure Your Company's Network

Along with actively developing an emergency preparedness plan against a possible security breach, it is important to also aggressively test your network for vulnerabilities. Cybercrime is an ever-evolving nuisance, and companies must regularly shift their perspective and tactics to combat it. As with your annual health check-ups or regular grounds maintenance, your network security needs to be well-maintained and constantly tested and improved to ensure it is doing its job against hackers, both internal and external. If you do not have the bandwidth to conduct a comprehensive study on your business' data integrity in-house, hire a "white hat" hacker to assess it for you. These consultants will test your security from the outside in, dissecting any weak access points and aid you with implementation measures to improve your security from both ends. 
 

Train on Best Practice

People are a company's biggest liability when it comes to cybersecurity, and hackers know it. They will target and attempt to leverage your employees to their advantage, which is why staff needs to be educated on preventing and recognizing threats. As the saying goes, you are only as strong as your weakest link. Phishing e-mails and viral links are just one aspect of this awareness training; developments in mobile malware mean your employees could be inadvertently allowing penetration into your network through their mobile devices on your business' BYOD strategy. Additionally, training on traveling with devices and working remotely is key to eliminate personnel vulnerabilities; cybercriminals can access un-safeguarded devices in less than 60 seconds, and hacking and monitoring activity on unprotected, public Wi-Fi networks is child's play to many of these techies. In fact, 78% of initial hacks last year were due to low intrusion difficulty, according to Verizon's 2013 Data Breach Investigations Report (DBIR).

A few additional business best practices to consider:
 

• Ensure all business devices are running up-to-date antivirus and antispyware programs.
• Require employees to change passwords every 60 to 90 days. Seventy-six percent of security breaches in 2012 occurred as network intrusions due to weak or stolen credentials (Verizon, 2013 DBIR).
• Determine risks and weakness from a double-sided approach. While 92% of breaches were perpetrated by outsiders last year, internal leak vulnerability needs to be considered when assessing your security's integrity (Verizon, 2013 DBIR).
• Remember that data breaches occur across industries, countries of origin and organizational size, and they are a multi-faceted issue. Your business' approach needs to be just as thorough and complex as the problem.

In all, addressing your company's cybersecurity risk is an area you do not want to skim over. Employees need to be educated on the threat and a dynamic discussion needs to regularly take place on adapting to the challenge.