Latest News: U.S. Data hack estimated at 18 million may be 4 times larger than expected.
This is the latest headline regarding a cyber breach at the Office of Personnel Management, and that number is expected to grow.
Imagine if this had been your data or your company’s data in the news instead. Cyber attacks are not going away anytime soon, and the impact an attack can have on a company is huge.
According to research from the Ponemon Institute, a successful cyber attack can cost a financial services firm about $20 million, $14.5 million for companies in the tech sector, $12.7 million in communications and $8.6 million in retail. Data records lost or stolen in 2014 totaled more than one trillion—that is close to three million per day! Other companies that have recently experienced attacks include Snapchat, Korean Telecom, eBay, PF Chang’s, Apple (iCloud), and Sony, to name a few.
Data breaches tend to be a result of malicious or criminal intent, human error and system glitches. According to InformationWeek’s 2014 Strategic Survey, “Managing the complexity of security” reclaimed the number one spot among 10 challenges facing the respondents to the security survey, all from organizations with 100 or more employees.
You may now be asking yourself, what can my company do to protect our data? Below are five key steps you can take:
By locking and encrypting computers (especially folders where key data reside), using anti-virus software, and using a password manager with access restricted to key personnel (this can vary depending on the size of your company, typically 2-3 people), you can help minimize the risk of a cyber attack.
Train your employees to have a security-first mindset and to follow internal data security protocols, especially incident reporting. It is important to be aware that vendors, and even your own employees, can pose unintentional risks.
If your company performs e-mail and social media training, make sure the training covers the identification of fraudulent emails, and the risks involved when social media followers post fraudulent links that can infect your or your employees’ devices, and even your firm’s network.
Mock Cyber Attacks
Training and security bulletins are a good step, but simulating an actual attack, along with the actions that would need to be taken, is what will make it real to employees. Train your employees to exhibit appropriate, security-first behavior by conducting mock social engineering attacks and identifying the employees who require additional guidance.
Following the mock attack, you should focus on the following behavior:
- What did your employees do when malicious activity or other threats were detected?
- Who (if anyone) did they report it to?
Have a process in place to report potential attacks, both internally and externally.
In the event of an attack, some of the key response mechanisms include changing passwords, notifying key stakeholders, accessing or making backups of data, and contacting your insurance firm if you have cyber insurance.
Customer Feedback Methods
It is important to have a way for your customers to communicate online about an issue or a breach. You can have a contact form, statements posted online, or use social media to direct clients to alert your company about possible cyber security threats. Keep in mind that those receiving these messages should be trained to forward them to the appropriate personnel.
Protect your Publishing Platforms
Secure the platforms you use to publish content, so that no one can upload files that could infect your site, your visitors, and especially your employees. Do not allow others to upload files without first scanning them for potential risks, and keep account credentials secure to prevent malicious actors from publishing their own content on your site.
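As an added illustration of the upload check described above (example code written for this post, not Skoda Minotti’s own tooling), the function below accepts an upload only if it is within a size limit, carries an allow-listed extension, and actually starts with the bytes expected for that type; the stored name is generated server-side so the client’s path is never reused. The size limit, the allowed types and the optional `scanner` hook are assumptions you would adjust for your platform.

```python
"""Defensive checks for files uploaded to a content-publishing platform."""
import os
import secrets
from typing import Callable, Optional

# Allow-listed upload types: extension -> leading "magic" bytes the content must start with.
# Assumed set for this example; extend it to what your site genuinely needs.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for this platform


class UploadRejected(ValueError):
    """Raised when an upload fails any of the checks."""


def validate_upload(filename: str, data: bytes,
                    scanner: Optional[Callable[[bytes], bool]] = None) -> str:
    """Return a safe server-side storage name, or raise UploadRejected.

    scanner, if given, is a hook for an external malware scanner (hypothetical
    here) that returns True when the content is clean.
    """
    if len(data) == 0 or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("empty or oversized upload")
    # Drop any directory part (either separator style) and judge only the final extension,
    # so a name such as 'notes.php.png' is treated as .png and never stored as given.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # The declared type must agree with the actual content, not just the name.
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        raise UploadRejected("file content does not match its extension")
    if scanner is not None and not scanner(data):
        raise UploadRejected("scanner flagged the file")
    # Random storage name: the client-supplied path never reaches the filesystem.
    return secrets.token_hex(16) + ext


def is_accepted(filename: str, data: bytes,
                scanner: Optional[Callable[[bytes], bool]] = None) -> bool:
    """Convenience wrapper: True if validate_upload accepts the file."""
    try:
        validate_upload(filename, data, scanner)
        return True
    except UploadRejected:
        return False
```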
Skoda Minotti’s Vulnerability Assessment and Penetration Testing services evaluate your network and web applications to identify vulnerabilities and provide remediation guidance. Our streamlined processes and certified ethical hackers leverage proprietary and open source software along with manual testing routines designed to detect vulnerabilities that were previously unknown with sufficient detail to allow for proper and timely remediation.