Menu
Menu
Menu
Cybersecurity and Privacy Planning in 2022 secureflo.net
Large organizations often have a lot of resources to help defend against cyberattacks, including people, processes, and technology. These companies maintain detailed cyber security standards based on oversight and regulatory requirements. Nonetheless, large companies are an ideal target for hackers seeking financial gain.
Small organizations have similar risks as larger organizations, including potential damage to their brand/reputation from a successful cyber hack. Startups and small businesses often focus on revenue and rapid growth, so they may not always be able to attract and hire qualified information security experts. Even tech startups with technology talent might not consider security and risk a critical component of their business operations that requires an ongoing budget.
Spending on cybersecurity initiates is not typically viewed as contributing to revenue or faster growth; however, ignoring this area exposes smaller companies to security risks. In light of the recent cyberattacks dominating the news, companies of all sizes have prioritized addressing cybersecurity and privacy risk in their supply chains. Ransomware attacks have forced companies to analyze their vendor and third-party risks.
In 2020, the UK Government published an internet data security survey report which stated that about 46% of data breaches took place in the UK in 2019. Symantec’s Threat Report found that about 82% of the total data stolen was due to inadequate internet security planning by small enterprises.
The European Union has forecast four times more software supply chain attacks in 2021 than in 2020, as cybercriminals shift to more extensive, cross-border targets. The report stated that 66% of supply chain attacks were committed by exploiting an unknown vulnerability, while 16% leveraged known software flaws. For supplier assets, most attacks during the specified timeline aimed to compromise code (66%), followed by data (20%) and processes (12%). With customer assets, supply chain attacks most commonly targeted customer data (58%), followed by critical individuals/executives (16%) and financial resources (8%).
Despite having so many attackers around, there are ways to minimize your security risks. Defining a robust process-based cybersecurity program can protect your data from being stolen or lost.
Here are some cyber security measures you can take to protect your valuable data in 2022:
IT staff need to understand the major risks and threats to the organization. Issues like a natural disaster, failure of their systems, or malicious human activities might affect your company. Conduct security risk assessments quarterly or bi-annually to protect against current security risks and remediate vulnerabilities.
It is well known that most users choose easy-to-remember passwords for all their essential accounts. Having to remember many passwords for our personal and work life explains why not everyone wants to use and remember very strong passwords. However, as a best practice, passwords should be eight or more characters in length and include upper, lowercase, numeric, alphanumeric, special characters, and random strings. Another best practice is to require your employees to change their passwords every 90 days and not allow re-use of the same password for at least one year. This discipline will help your password management process.
More than 95% of web applications are attacked due to weak credentials or passwords. For additional protection, it is recommended to use multi-factor authentication (MFA) or two-factor authentication (2FA). Using additional layers of security measures will reduce your risk of getting attacked.
With much of the world working remotely, using Virtual Private Networks (VPNs) creates a secure tunnel through which data flows between the end-user and data source. VPNs provide the capability to secure access to your cloud or remote networks that house sensitive information.
Developing a solid backup process that is documented and secured is key to more robust security and privacy. Choose a backup location not in the same region as the data’s source location. Conduct tabletop and complete failover testing to make sure backups are available and can be used to recover data. Always have at least two administrators with full access to the backup data and the knowledge to recover it. The backup should be fully encrypted.
Develop and document an incident response policy and plan. This plan should clearly describe what constitutes an incident, the escalation steps to complete in the event of a breach, and which parties should be notified. Report all incidents to a help desk to track each issue’s resolution. Conduct a tabletop test of the incident response plan and evaluate how effective communications were during the simulation.
Develop written business continuity and disaster recovery plan and conduct complete failover and tabletop testing. The plan should include recovery processing objectives defined for critical applications, and all test simulations should measure the recovery time. Educate your clients and vendors on your expectations for continuing business in case of a data breach or a security event.
Data shows that around 90% of cyber attacks occur due to human error or mishandling. Your employees must be aware of the risks and internal policies and procedures to meet compliance requirements. It takes a village to develop a robust cybersecurity program internally. A regular training process will educate your team about ransomware, phishing emails, and other types of cybercrimes. Phishing is one of the most common ways hackers use to access your organization’s network. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies or people to induce individuals to reveal personal information, such as passwords and credit card numbers. During COVID with remote work, phishing has increased. Phishing simulation tests allow employees/contractors to learn how to recognize these emails and take appropriate action to prevent breaches.
Your systems and applications should always be up-to-date with the latest versions of their software. Patching software allows you to have the latest features/functions and fix security vulnerabilities in the code. Older versions are more vulnerable to a cyberattack than the updated version. Developing a practice of testing and patching software reduces your cybersecurity vulnerabilities.
Governance provides the ability to meet compliance regulations and meet or exceed best practices. Documented policies and procedures ensure that all employees are aware of various processes in place. Train all new employees and inform your vendors about your expectations. It is critical to have the appropriate people in place to enforce and monitor the execution of each policy. Hire a senior security manager to supervise the overall risk management program. Smaller businesses may opt to outsource their cybersecurity and privacy program to a third-party security provider.
Develop a penetration testing process, perform vulnerability scanning, and conduct a secure code review for a comprehensive vulnerability management process. Organizations must understand and be aware of risks that can drive patching, remediations, and risk reduction.
Cybersecurity is critically important today. As we begin the new year with an ongoing pandemic and new variant, organizations must continue to practice good cyber hygiene. Implementing robust risk management and governance processes is an essential first step. Involve your employees, contractors, and vendors in your security program. Educate your employees on how to maintain good cyber hygiene and comply with cybersecurity and privacy policies. When evaluating your firm’s processes, people, and technology, identify potential cybersecurity risks that could impact each one. When recruiting information security staff, hire experienced security experts onto your team, or utilize external management services to improve your security operations. A toast to 2022 and your organization improving its cybersecurity!
