By Michelle Drolet
Founder & CEO
Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of,
November 2, 2018
Smaller businesses are incredibly good at this kind of wishful thinking. They may assume that bigger companies are more attractive targets, but the truth is that cybercriminals favor the path of least resistance. If you shirk security, you’re the low-hanging fruit. One of the most shocking things about basic security hygiene is just how many companies ignore it completely.
The idea that your data isn’t valuable or desirable to hackers is another risky way to think. A breach may lead to resource hijacking, whereby attackers use your servers to host pornography or subvert workloads to mine cryptocurrency. If you think you’re immune as a target, you’re kidding yourself.
There’s no need for a big criminal gang to decide to attack you either; a lone novice hacker can buy or rent sophisticated tools on the dark web and wield them effectively without having to understand how they work.
It’s obviously vital to ensure that you comply with regulations like the GDPR and the incoming CCPA, and many industries have their own sets of rules and regulations to safeguard different kinds of data. Failure to adhere to these regulations can lead to punitive fines. While there is some skepticism about how willing regulatory bodies are to hand out major fines, it’s not something you want to put to the test.
Complying with these rules will encourage you to adopt better security standards and more comprehensive, robust incident response plans, but it’s no guarantee that you won’t suffer a data breach. Compliance is unequivocally a good thing, but don’t fall into the trap of equating it with security. It’s also important to remember that compliance isn’t a checklist that you tick off and forget about; it’s a commitment to a standard and it requires constant renewal and consideration.
Too many companies, perhaps having paid consultants to come in and get them compliant in time for the deadline, believe it’s something they no longer have to think about. But they’re wrong.
We’ve talked about how important it is to institute a good security awareness training program and to keep an eye on your employees, but this is another security step that too many people think you can complete once and forget about. A proper training program should evolve over time and be a regular part of your employees’ schedule.
Another major mistake many organizations make in this area is that they don’t test whether the training they’ve provided was effective. It’s crucial to test your employees with mock phishing emails or social media messages to see if they respond correctly. The results must drive some action. Failure should prompt further training, but repeated failure needs to lead to disciplinary action and even dismissal in severe cases.
You can’t turn a blind eye to staff members repeatedly failing to meet your security standards. Your security strategy is only as strong as its weakest link and it only takes one employee to erode your efforts.
This is a common statement that makes people feel more secure than they should, but there are a couple of reasons why it’s dangerous. This is such a new area of liability that many of the people selling and buying these policies don’t really understand what coverage is required. It’s all too easy to assume that you’re covered for a specific eventuality, only to find out during the claims process that you aren’t.
The best insurance drives good behavior to reduce risk, but the depth required to do that in cybersecurity is often lacking right now. The policy might dictate you have a firewall, for example, but not how that firewall is configured. Misconfiguration is such a common entry point for an attacker that it really needs to be part of the consideration here.
As it stands right now, you shouldn’t be assuming you’re safe simply because you have a policy in place.
This is by no means an exhaustive list of the things that can lull you into a false sense of security about the threat of data breach, but you should certainly look at these four myths. The key thing to take away is that a successful defense against data breaches requires commitment and continuous effort.