The Importance of Cybersecurity and You
Cybersecurity for business is a complicated topic. It always has been. Due to its complexity, many don’t grasp the importance of cybersecurity. To help you better understand its importance, we’ll give you a brief introduction to cybersecurity, information security, and keeping your data safe online.
Often people believe cybersecurity is simply a matter of having a few antivirus and security programs in place and little more. In reality, a lack of proper knowledge surrounding cybersecurity is often one of the biggest factors in any breach.
The 2017 State of Privacy and Awareness Report states that 70% of employees lack the knowledge and awareness to prevent cyber incidents. Yikes.
Despite common misconceptions, you don’t need incredibly expensive software to stay safe. As the old saying goes, knowledge really is power in this case.
Introduction to Cybersecurity
The simplest thing about cybersecurity is its definition.
Cybersecurity: the defense against any unauthorized or criminal use of digital data.
Unlike the definition, cybersecurity itself and the threats against it are constantly evolving. This in turn causes the elements of cybersecurity to evolve as well. Still, there are a few consistent key components that make up cybersecurity:
- Tools: Proper tools and software act as the wall between your data and those that wish to take it. Tools go well beyond antivirus programs and can include virtual data rooms (VDR), encryption software, proxy testing programs, and more.
- Knowledge: The most well-armed fighters can still fail if they lack the knowledge required to use their tools and avoid pitfalls. Staying current on the latest threats, methods being used, and software is essential to any cybersecurity program.
- Planning: Just as you have a plan for any kind of office-related disaster, it’s important you have a cybersecurity plan. In the event of a data breach, leak, etc. you need to know what steps you’ll take to mitigate damage and secure your assets.
The above points only scratch the surface of cybersecurity, but following them will ensure you’re off to a solid start with your security initiative.
6 Ways to Strengthen Your Cybersecurity
Having a proper cybersecurity system in place involves a lot of patience, time, and finances. That being said, there are still several things you can do quickly and cheaply to be better prepared in the meantime.
1. Educate on Password Best Practices
Did you know 61% of people use the same password across multiple websites? Or that 63% of data breaches stemmed from weak passwords? There are countless stats that all point to the same thing: people don’t know or follow password best practices.
Make sure your team does the following:
- Use a password that’s difficult to guess and unlike any of their other passwords
- Don’t incorporate any kind of family name or pet name into the password
- Avoid using obvious numbers like birth dates
- Add a capital letter, number, and a special character like !, ?, #, or %
- Change your password regularly; don’t wait for it to expire
A quick seminar or training session on the above and your team can be off to a great start as far as security is concerned. If possible, you can also consider implementing a password tool, such as 1Password or LastPass. Having two-factor authentication is also a great idea, as it requires a secondary form of verification, such as a text to the user’s phone.
Also, it should go without saying, but make sure all of your networks and servers are password protected. In 2018, PumpUp, a fitness app, left a server unprotected and lost six million passwords and records.
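The password checklist above, written as a local self-check (an added example, not part of the original article). The function names and the 0.8 similarity threshold are assumptions, and it compares plaintext passwords only because it is meant to run on the user's own machine.

```python
import re
from datetime import date
from difflib import SequenceMatcher

# Undo common character swaps so "R3x" is still recognised as "rex".
LEET = str.maketrans("013457@$", "oieastas")
SIMILARITY_LIMIT = 0.8  # assumed threshold for "too close to another password"

def date_fragments(d):
    """Digit strings commonly derived from a date (year, MMDD, DDMM, ...)."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + y[2:], dd + m + y[2:], y + m + dd}

def check_password(candidate, personal_names, birth_dates, other_passwords):
    """Return the checklist rules the candidate breaks; an empty list passes."""
    problems = []
    lowered = candidate.lower()
    plain = lowered.translate(LEET)

    # Rule: unlike any other password (exact match or near-duplicate).
    for other in other_passwords:
        if SequenceMatcher(None, lowered, other.lower()).ratio() >= SIMILARITY_LIMIT:
            problems.append("too similar to another password")
            break
    # Rule: no family or pet names, even with character swaps.
    for name in personal_names:
        n = name.lower()
        if len(n) >= 3 and (n in lowered or n in plain):
            problems.append(f"contains personal name '{name}'")
    # Rule: no obvious numbers such as birth dates.
    digits = re.sub(r"\D", "", candidate)
    if any(frag in digits for d in birth_dates for frag in date_fragments(d)):
        problems.append("contains a birth date")
    # Rule: a capital letter, a number and a special character.
    if not any(c.isupper() for c in candidate):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if all(c.isalnum() for c in candidate):
        problems.append("no special character")
    return problems
```

Call it with the names and dates a person would be tempted to use, for example `check_password("R3x1990!", ["Rex"], [date(1990, 4, 12)], [])`, and it reports both the disguised pet name and the birth year.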
2. Regularly Train on Email and Social Media Threats
Phishing isn’t anything new, but that doesn’t mean everyone is aware of the tactics used by those looking to steal information.
Phishers regularly change their methods, using spoofed emails that look real or popup ads to install malicious software onto your computer. This software can be used to track the keystrokes of a keyboard, allowing for the theft of passwords and other information.
To avoid any of your team falling prey to phishing, make sure you hold regular training sessions on the latest threats going around. Discuss that many phishers will send emails that look like they’re from a friend or relative, when the actual email address is totally different. Advise them on not clicking popups, or even consider using a popup blocker in your office.
3. Use a VPN For Any Remote Employees
A virtual private network (VPN) is a great way to ensure your out-of-office employees are using a secure connection. In-office employees will be on your LAN or using the secured wifi, but those out of the office could wind up using the wifi from a cafe or their home.
A VPN is a cheap and effective way to minimize the chances of their connection being compromised. Many VPNs can be as affordable as several dollars a user, making them an incredibly cheap way to bolster your security.
4. Do Regular Scans of Your Computers and Network
While your office should ideally be using something more advanced, free services like Windows Defender and Malwarebytes do a solid job of protecting your computer from infections. No matter what you’re using, make sure you’re doing regular scans of your computers.
On top of this, make sure your antivirus and defense software are always up to date. New antivirus definitions are released regularly, sometimes multiple times in a week, and your software needs them to function properly.
You also want to be regularly scanning your network for any vulnerabilities. Use a proxy scanner or network vulnerability scanner to check for any flaws in your network’s security. Any kind of flaw can lead to unwanted visitors gaining access to your network.
There are numerous free vulnerability scanners available. While their functionality can be limited compared to paid options, they will at least let you know if there’s a problem that needs to be fixed, in which case it might be time to pay for a full-featured scanner.
For a reminder on the importance of scanning for infections, look at the 2014 Sony Pictures breach, which cost the company $15 million initially, and damaged their reputation for years. (Their particular case also stresses the importance of physical security at your building.)
5. Emphasize the Importance of Information Security
Just as you stress the importance of cybersecurity, you need to stress information security as well. A component of cybersecurity, information security is the practice of specifically ensuring the safety of your company’s information. This can be in the form of data and documents.
Information security encompasses both attacks on information like a data breach, and also the loss of information through a natural disaster. For this reason, a proper information security program involves having a backup plan as previously mentioned, keeping your employees trained on best practices, and using the right tools.
A loss of sensitive information can cost a company a fortune. According to the 2018 study done by the Ponemon Institute, the average data breach costs $3.86 million, and the average cost per record stolen is $148. This isn’t to mention the impact a breach can have on a pending M&A deal.
Hold regular training sessions on information security and how to handle sensitive info. Stress the importance of NDAs and consider using digital rights management (DRM) software to protect any information being shared.
Proper DRM can give you the ability to revoke access to files even after they’ve been downloaded, which can prevent anyone from sharing information after leaving your company. This alone could save you millions in the event they try to compromise an M&A or other deal.
6. Consider Using a VDR
If your company regularly handles sensitive information or will soon be in the process of an M&A, you should consider using a VDR.
A VDR is a more secure, business-minded approach to file storage and sharing. With a VDR you can ensure your clients or employees are looking at the most recent files, guarantee authenticity using watermarks, and even use DRM functionality to prevent any file from being stolen.
In the past many VDRs could cost you upwards of six figures. Today, there are options available for as little as $99 per month. (Psst, we even have a free trial for those of you curious about how a VDR might benefit your company.)
Features to Look for in a VDR
When you’re shopping around for a VDR, there are certain features you should be looking for. There are numerous VDR options available, so this list of features should help you narrow down your search.
- Proper Compliances: HIPAA and SOC 2 compliance can ensure your VDR is set to handle most deals.
- Audit Trail: An activity tracker that automates an audit trail and lets you know who changed what can reduce the chance of anyone abusing privileges.
- IP Address Restrictions: The ability to block certain IP addresses from accessing files is a key element to keeping your documents safe.
- Automated Permission Expiration: There are numerous moving pieces during M&A due diligence, during which time many eyes could be seeing sensitive information and documents. Automated permission expiration can take away the stress of managing permissions, and prevent anyone from seeing a document after they’re no longer involved.
- Built-in Antivirus Scanning: The primary function of a VDR is keeping you and your documents safe. Built-in antivirus scanning adds an additional layer to that security, reducing the chances of your network being infected by a malicious file.
Many companies make the mistake of using a free service like DropBox or Google Drive to share their files, and pay dearly down the road when information is leaked or stolen. A VDR with the above features can prevent that. (Did we mention CapLinked features all of the above?)
Even with a strong cybersecurity platform, having risk mitigation measures in place is always a great idea. The strongest cybersecurity systems can still be breached. A risk mitigation plan will help reduce the likelihood of any damage being done in the event of a program failure or internal breach.
Here are a few best practices you can put into place to help reduce the likelihood that your company suffers a loss:
Limit Access Control
When you’re in a leadership role it can be tempting to give numerous people administrative abilities within your system. More people that are able to complete high-level tasks will surely translate to more work getting completed, right? Unfortunately this can lead to an abuse of privileges and result in data being lost, stolen, and so on.
To reduce the likelihood of any internal leaks or incidents, limit access and administrative privileges to only those that absolutely need them. Take a page from the Microsoft playbook and use their definition of Least-Privilege Administrative:
“The principle states that all users should log on with a user account that has the absolute minimum permissions necessary to complete the current task and nothing more.”
Encryption is the practice of transforming information into a scrambled code that can’t be deciphered without the correct key. When data is encrypted it is often useless to thieves in the event that it’s stolen. This doesn’t necessarily mitigate the entire financial cost of a breach, but it can give your customers peace of mind and help reduce the likelihood of them leaving your company.
Whether you’re sending data or simply letting it sit on a drive or server, encryption is always a great idea.
Implement Automated Patching Software
Patching, the act of updating software via updates, can be tedious. This is especially true when you’re dealing with an office filled with computers, each running antivirus software, an operating system, encryption software, and any corporate tools that all need to be updated.
Patches can take time to download, so many times users put them off when they’re in the middle of working. This often results in patches not being downloaded at all. With many patches including fixes that close security gaps, patches are incredibly important.
Automated patching software can take away the hassle of updating an operating system, antivirus programs, and more by updating things automatically. This allows you to schedule updates across your entire office, ensuring everything is updated at a time that doesn’t inconvenience employees.
Leave Audit Trails
Audit trails, also known as audit logs, are records of any changes made to procedures, events, operations, and any other security-relevant task. This log can also include major events such as a financial transaction, movement on an M&A deal, and more.
There are numerous ways to handle an audit trail. The end goal is to have a solid record of who did what and when. As long as you can always trace any shifts relating to major pieces of your company, your audit trail is working properly.
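One way to keep a who/what/when record that also shows when an entry has been altered or removed, as an added example that is not part of the original article. It goes beyond the text by chaining each entry to the hash of the one before it; the function names and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" value used by the first entry

def _digest(body):
    # Canonical JSON so the same entry always produces the same hash.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, who, what, when):
    """Append a who/what/when record linked to the hash of the previous one."""
    body = {"who": who, "what": what, "when": when,
            "prev": log[-1]["hash"] if log else GENESIS}
    log.append({**body, "hash": _digest(body)})
    return log[-1]

def first_bad_entry(log):
    """Return the index of the first altered or out-of-sequence entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in ("who", "what", "when", "prev")}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return i
        prev = entry["hash"]
    return None

def build_sample_log():
    """Constructed sample events, not taken from any real system."""
    log = []
    append_entry(log, "j.doe", "granted read access to 'Due Diligence'",
                 "2024-03-01T09:15:00Z")
    append_entry(log, "a.smith", "downloaded contract-draft.pdf",
                 "2024-03-01T10:02:00Z")
    append_entry(log, "j.doe", "revoked access for a.smith",
                 "2024-03-02T08:30:00Z")
    return log
```

The chain only proves integrity if the most recent hash is also stored somewhere the people writing to the log cannot change, since entries dropped from the end leave the remaining chain valid.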
Create an Incident Response Plan
No matter how secure a company is, the chances of a security-related issue occurring eventually are always there. It’s important to have an incident response plan in case a breach or incident does happen.
Meet with your IT team and anyone that handles data or sensitive information, and discuss any possible loopholes, risks, and so on, and determine what the best course of action would be for any potential incidents. Once you have a plan drafted up, train any relevant team members on it and ensure it’s updated as processes change over time.
Following everything previously mentioned will put your team in a great place as far as cybersecurity is concerned. Still, complacency is the friend of threats and the enemy of safety. Never stop training and educating yourself on the dangers out there, and always make sure you’re auditing your toolset to see if there’s a newer, better option available.
The importance of cybersecurity can’t be overstated. Yes, cybersecurity can be costly, but it doesn’t have to cost a fortune. Start by educating yourself and your team, and take things one step at a time. And one last thing: don’t click that link stating you won a free iPad. You didn’t.