It has never been easier for cybercriminals to infect your business with malware or ransomware. A vast array of malware tools can be bought on the dark web, complete with helpdesks for hackers, so the barrier to entry is low. Most hackers will sit on your network for days, weeks, or even months, gathering intelligence to infiltrate your systems and then try to exfiltrate data undetected.
While prevention is better than cure, it’s not always possible. The smart move is to take what action you can to guard against intrusion, but also to employ intelligent real-time defenses, and to craft detailed action plans and procedures to handle any incidents that do arise. These best practices will help you reduce the risk of a data breach occurring in the first place, but also reduce the impact and damage if the worst does happen.
The first step in securing your organization is to determine what level of risk you are willing to tolerate. Every business is different. You must assess your data and workflows to find out what the key risks are that would damage your business, and plan to address them in order based on the threat that each one poses. It’s unlikely you’ll be able to cover every base, so to extract maximum value from your resources, make sure you understand where your baseline is and apply a triage approach.
From printers to security cameras to smartphones, the number of exploitable endpoints on your system is growing all the time. It’s vital that you have a complete inventory of devices, including small devices and sensors that fit into the Internet of Things category. Your ability to protect your network depends upon you having a clear, fully mapped picture of it.
It’s easy to focus on the technology and tools that promise to bolster your security efforts, but the simple truth is that people are usually the weakest link in your defenses. People click on links they shouldn’t, they respond to increasingly sophisticated phishing attacks, and they unwittingly invite malware onto your network. It’s crucial that you train your staff to spot security risks and teach them how to respond appropriately. Put a proper security awareness training program in place and test your employees regularly to ensure that it’s working.
Many data breaches occur because of a simple failure to address known vulnerabilities. Organizations can be alarmingly slow to update software and patch issues, even after alerts are sent out. Make sure you have a stringent update policy in place and consider employing a tool that can flag your existing vulnerabilities.
If an incident or a breach does occur, then treat it as a learning opportunity. You may assume that ticking all the boxes will keep your data safe, but new attack vectors are uncovered every day. A root cause analysis will enable you to identify the heart of your problem and remediate.
Wherever possible you want to employ real-time tools that can scan for issues and resolve them automatically. Sometimes security teams are struggling with a backlog, so identifying a threat isn’t enough, because there’s a lag between the alert and the fix. Consider the role machine learning can play and think about user behavior analytics and other strategies for uncovering possible risks.
You can restrict damage, reduce recovery time and limit the associated costs by putting a robust incident response plan in place. A good plan lays out every detail of an effective response, making it clear who is responsible and what needs to happen every step of the way. Break it down, so you have a playbook for data breaches, denial of service attacks and ransomware attacks. Run drills to ensure that your plan is effective. These plans and exercises are also great to show regulators that you’re taking your responsibilities seriously.
It may be tempting to splurge on the latest security tools, but it takes some expertise to leverage security software effectively. Start by assessing the technology you currently have in place and make sure that you’re getting maximum value from it. Sometimes a process tweak or reconfiguration allows you to secure much more with little or no cost.
Security should not be about firefighting; your CSO should be selling the importance of a strong information security strategy to every business unit in your organization. They need to be included as part of everyconversation whether it’s a new project, the development of a new application, or a new technology is being acquired.
It’s highly likely that you work with third-parties and vendors and some of them will have access to your data. Your security efforts must go beyond internal strategies to consider third-party risk. Assess your partners, ensure they meet your standards, and test them on it – don’t take their word for it.
Employing these best practices will help you to reduce the risk and potential impact of a data breach, but security is on ongoing process that requires constant attention. Your strategy should continually evolve for best results.