An ounce of prevention is worth a pound of cure.
An axiom of the medical community, this mantra applies just as easily to cyber-security: a disproportionate number of data breaches could have been prevented had a prescribed set of steps, known as Controls, been in place. In recent breaches (Anthem, Medical Mutual of Ohio, Equifax and others), one or more of these Controls were found lacking.
Listed as a series of ordered steps, this group of “20 Critical Controls”[i], developed by the Center for Internet Security in collaboration with cybersecurity education group the SANS Institute, serve as network fortresses and thereby greatly reduce the chances of a data breach or, at the very least, lessen the severity of one. Among this set of best practices are tasks like encryption, patching, network segmentation and inventorying systems, all time-honored fundamentals. In addition, it is recommended that companies have a vulnerability scan performed annually to identify network weaknesses, and those operating in regulated industries are required to do so.
Whether I.T. is managed in-house or outsourced, every business has a fiduciary responsibility to keep customers’ personal information safe and, in some instances, a regulatory requirement to do so. While securing your network may at first seem daunting, taking the proactive approach set forth in these guidelines strengthens your network.
While some reading this article will incorrectly believe that cyber-attacks happen only to others, nothing could be further from the truth. Customer databases, financial records, personnel files, written policies and processes are all gold mines for cyber thieves. Moreover, if you are a supplier to a larger organization, you are indeed a target. As a supplier, you hold login credentials which, when stolen, will be used to infiltrate that larger organization’s networks and wreak havoc. In the highly publicized Target Stores breach, it was a small HVAC company’s system that was breached; its credentials were stolen and then used to infiltrate Target’s network.[ii]
Cybercrime shows no signs of slowing down; indeed, the Privacy Rights Clearinghouse[iii] reports that already in 2018, there have been 320,909 records breached, and we are not yet through the first quarter. Regardless of company size or industry, no company is immune from a data breach, or absolved of culpability when one occurs. Prevention is key, and it is very economical when compared to mitigation.
For helpful tips, guidelines and links to additional resources, visit www.wins1.net.