Direct phone: 616.249.9599 | Toll Free: 866.240.2500
According to the Ponemon Institute’s 2017 Cost of Data Breach research, the average data breach has a total cost of about $3.62 million. But while the numbers and increasingly high-profile successful cyber attacks in the news sound scary, many people seem to think that data breaches are events that happen to other companies, not theirs. The truth is, cyber attacks can happen to anyone. Over five million data records are lost or stolen every day, and over 37% of US businesses are at high risk of an attempted attack. So, if
At its most basic definition, cyber security is the practice of ensuring the confidentiality, integrity, and accessibility (commonly known as the CIA triad) of data and information.
Confidentiality: The creation and enforcement of authorized restrictions on access to and disclosure of private information, such as personal and proprietary data.
Integrity: The enforcement of safeguards against the unauthorized or improper modification or destruction of information. This includes verifying accuracy and authenticity.
Accessibility: The assurance and maintenance of reliable and timely access to information.
These three attributes make up the core goals of all cyber security efforts, and every action taken towards more secure data can be linked to one or more of the triad.
Cyber security should be a top priority for all businesses that work in connected spaces, whether that means a basic internet connection or an expansive private network. Not only is poor cyber security a bad business practice, it also falls on organizations to protect themselves, their employees, and their customers from misuse of private information in a world where data is more public than ever.
While cyber security addresses much more than malicious attacks, cyber crime tends to take up a lion’s share of the topic’s press coverage. Attacks can range from relatively simple programs that are easy to execute to sophisticated network breaches, but regardless of how the attack is carried out, a successful breach can be devastating. Here are some of the most common forms that cyber attacks take:
Another term commonly associated with cyber security and attacks is “data breach,” which has been on the minds of many after years of large-scale breaches associated with big brands and companies such as Equifax, Yahoo!, and Target. The term refers to any instance where confidential and secure data is accessed and either lost or stolen. While it’s commonly associated with cyber attacks, a data breach does not necessarily entail hacking or other methods of digital access. For example, a data breach could occur because of a database malfunction which deletes a section of information, or because an authorized user left information unattended. As such, data breaches and cyber attacks are deeply connected, but not directly analogous. Both, however, are addressed through cyber security solutions.
In the digital, connected world that we live in, information and data make up so much of our environment that our points of access are nearly impossible to quantify. But for organizations and businesses, a cyber security strategy should target several key areas of focus for optimal coverage:
With all the possible attacks and entry points, getting started on better
While implementing these quick-start strategies in your organization can help to safeguard against opportunistic attackers, mitigating long-term risk requires more in-depth planning and investment in cyber security.
Depending on what types of data you store and where you store it, a formal data security protocol or procedure for your business may look different than those in other industries, or even other companies in your industry. To evaluate what should be included in your company’s data security protocol, start with these questions:
And finally, one of the most important questions is, “What steps will the company take in case of a breach?” We’ll cover this later in this guide.
Cloud applications are frequently more secure than their on-premise software counterparts - if the manager of the cloud makes them so. When you’re using and executing applications from the cloud, you need to be sure that your cloud provider is trustworthy and is ensuring up-to-date security measures. From physical server location security to updating drivers, cloud providers need to be mitigating risk, too. And, as always, access is key: while easy access to a cloud application may be important for your employees or customers, making it too easy leaves the door open for malicious attackers. Secure access to any proprietary or third-party cloud applications that are used for your business.
One of the main issues in wide-scale awareness and adoption of cyber security best practices is the lack of growth in the pool of data security experts. Whether it’s too difficult to learn, or IT professionals don’t have enough incentive to make the switch from their established specialty, not enough people are going into the cyber security field, meaning candidates for this much-needed position are in high demand. Yet without a security specialist, evaluating your business’s security needs is difficult, and it’s easy to miss a vulnerability.
In response, businesses have turned to outside expertise rather than investing in a new hire of their own. The “as a service” industry has boomed, with everything from everyday maintenance and IT support to software being sold as a subscription. Many managed service providers have recognized the gap in the availability of security expertise, and specialists at these companies are able to offer help to many businesses rather than just one.
Company culture is most easily described as the personality of your company - and when your company has a culture of cyber security, implementing security strategies large and small becomes easier and more effective. But like a personality, changing a company’s culture is no small feat. Training and informing employees about the need for cyber security is a good first step, but change needs to be wider-reaching than just knowledge.
For instance, how people act and speak can actually leave the company vulnerable to a data breach. If two coworkers decide to take a work meeting out to lunch and discuss sensitive customer information, that conversation can be overheard, and the information used. If someone leaves an important document on the copier while they take a phone call, that document is then vulnerable to unauthorized access. Data security doesn’t all take place in digital spaces, and getting employees onboard with security measures means changing their attitudes, not just raising awareness.
Establishing a culture of cyber security will look different in every company, but some examples of effective strategies are:
Making cyber security training part of new employee onboarding
Including cyber security news in a company newsletter or bulletin
Providing intuitive security tools and software for employees with less experience with or knowledge of technology
Getting employees involved with surveillance and reporting of suspicious network activity
Regular policy reviews and training refreshers
A successful cyber attack does not always mean a failure on the company’s part - technologies and innovations on both the attacking and defending sides are always evolving. But once a breach does occur, the company’s response could be the difference between rebuilding and bankruptcy. Here are some places to start:
By creating a plan to address your organization’s