Rupert Mills, managing director at Krome, examines what can be done to ensure your business isn’t a victim of Cybercrime
MOST BUSINESSES rely on Information Systems to support activity and this intrinsically makes them more vulnerable to malware, hackers or staff errors. Having access to your information at the right time can be the difference between failure and success for your business. Here are three tips on how to avoid putting your business at risk.
1. Implementing the right security strategy
Consult with specialists on a strategy that can best support your business should a problem occur. Implementing a clear strategy helps to ensure that you can control and secure your data from malicious or accidental changes. On average, a piece of malware will go unnoticed within a business for an average of 96 days, meaning malware is going completely undetected. Using an Anti-Virus system will inform you of any threats to your data and ‘clean’ your computer.
2. Building cybercrime awareness within your business
5 years ago, most businesses were primarily using port based firewalls, combined with some desktop and server AV. This was the total landscape of their security prevention. However, as cyber criminals become increasingly clever, we see deep packet inspection firewalls from the likes of Palo Alto and Dell, as well as far more advanced desktop protection in the shape of Traps and BIT9/Carbon Black.
Cybercrime is not going to slow down and as time goes on, it will only become more advanced. In recent cases, hackers send a phishing email with an Office attachment where they pose as a colleague. This file will contain a virus which will invade your data and retrieve private information within the company and potentially use it for ransom. Make sure that your employees are aware of how easy it is to fall prey.
3. Identify your areas of risk
The first thing to improve your security is to identify where your vulnerabilities lie. We once worked with a company who thought they had a very strong security policy. After monitoring their environment for 24 hours, we identified that overnight a single machine had sent over 1TB of data to a foreign country completely unbeknown to the security team. In order to ensure security, companies must first identify their areas of risk. After all, you cannot fix what you don’t know is broken.
We are almost to the point that we are able to eliminate security risk by formulating a complete threat surface protection strategy. While this sounds almost too good to be true, advancements are being made every day. To turn this scenario from a hypothetical to reality CSOs need to work to define an evolving strategy that can keep them one step ahead.