Information Security Tips for Large Organizations
It seems these days like the majority of companies are starting to get over the “it will never happen to me” mentality, and have realized it’s not a matter of IF, but WHEN.
In July we blogged about Information Security Tips for Small Businesses. Now it’s time to break down what large organizations need to be doing to ensure they’re helping build up their cyber security.
1) If you don’t already have one, build your security policy.
Any business that wants to succeed in today’s market needs to have security standards. Cybercriminals are not just targeting technology or financial industries; as demonstrated so far in 2016, any industry is a target. Attacks are becoming more frequent and more damaging, and failing to prioritize your security posture is a costly mistake.
From a basic standpoint, companies should at the very least include the following in their cyber security policies:
- Identify risks related to cyber security
- Establish cyber security governance
- Develop procedures and policies as well as oversight processes
- Protect company networks and information
- Identify and address risks associated with remote access to client information and fund transfer requests
- Define and handle risks associated with vendors and additional third parties
- Be able to detect unauthorized activity
2) Understand exactly what generates corporate cyber security risks.
Malware, and sabotage, and phishing, oh my! If you’re overwhelmed by all the potential areas of attack that your organization can succumb to, then you’re actually a step ahead of most of your competitors. Most companies simply fail to understand the vast range of areas that are vulnerable to an attack. Security risks are not always as obvious as a virus, a phishing email (yes, we realize some people are completely oblivious to these), or sabotage by a disgruntled employee. There are many different areas that a cybercriminal can exploit. Using the following chart can help organizations understand the risks and create a plan to help alleviate them in the long term.
3) Realize that your weakest link is, in fact, your employees.
Behind almost every single cyber threat and attack, companies are able to pinpoint the source as having originated within the organization. It’s not always a disgruntled employee working to sabotage the company; quite often it’s an uninformed employee with no malicious intent, just a lack of training. Employees who are not trained in today’s best security practices are known to click suspicious emails or visit restricted websites, and they pose an enormous security threat to the safety of your data.
Which leads us to …
4) Implement an Information Security Training Initiative
The best way to combat human error is to institute a company-wide security awareness training program. This can be in the form of a formal training session, a security awareness website, or even training material posted in common areas to serve as a reminder. Regardless of the format you choose, the following information should be included in the training:
- Your organization’s security policy
- Data classification and handling
- Workspace/desktop security
- Wireless networks
- Password Security (really we can’t stress this one enough)
- Phishing and malware attacks
5) BYOD and “The Cloud”
SMBs and enterprises have adopted a “Bring Your Own Device” option that allows employees to use their own smartphones or tablets. While this is a great option that gives employees flexibility, security concerns can arise from it. Ensuring that networks are consistently monitored is a crucial step in letting this BYOD policy continue. According to a Dell report:
- 93% of organizations allow personal devices for work
- 31% of end users access the network on personal devices
- 24% said misuse of mobile devices/operating system vulnerabilities is the root cause of their security breaches
Cloud computing is also becoming a widely adopted infrastructure and brings a different breed of threats along with it. As we have seen in the media in the past year, the cloud is not impenetrable. As cloud usage continues to surge forward, ensuring that it is included within strong security policies is key.
6) Money talks
There’s no need to sugar coat this one – cyber security is expensive. It’s costly to ensure you’ve got the right talent, equipment, technologies and training programs in place, and budgets can be tight. Here’s the thing … cyber criminals know this too.
Ensuring that everyone who is involved in making the critical decisions is on board with having cyber security be a top priority is the first step. Yes, we realize that it is a lot easier said than done, but think of it this way – your security policy is the immune system of your company. Strong policies ensure that even the strongest virus strains have a minimal effect. Weak policies can leave your entire systems infected and place you in a tough position to recover from. Setting a budget to build up your cyber security will be less expensive in the long run than finding your company in a recovery situation that could end up costing millions.
7) HAVE A RECOVERY PLAN!
In an ideal situation, your security defense should prevent you from ever having to fall back on your recovery plan. However, in today’s world that does not cut it with consumers; they want to be assured that if their information ever does fall into the wrong hands, you have a plan to recover it. Having a recovery plan can cut down response time and allow your systems to be up and running faster. This will save you money and time and, most importantly, help to repair any reputational damage caused by an attack.
8) Watch out for the ever-evolving risks
With today’s continuously evolving viruses, this is the one risk you cannot do a lot about. However, you can ensure that you are as prepared as possible, especially against polymorphic malware that is constantly changing. Larger organizations need more than one cyber security solution to keep their assets secure, and your company likely needs another layer of protection on top of your anti-virus. To further protect your systems, acquire products that proactively locate and identify malware, prevent data leakage, block access to hacker-controlled servers, and patch vulnerabilities for applications that consistently require updates.
Your company’s first line of defense should also be fully automated. Cyber criminals these days have strong, constantly running systems to maximize damage. Follow their design and find a solution that scans all incoming and outgoing traffic to best identify threats and prevent infiltration.
While these steps do take time and capital to implement, ensuring your policies are in place alongside trained employees and strong solutions allows all branches of your organization to be protected. Better cyber security gives your organization the competitive edge of being prepared for the worst-case scenario, allowing for peace of mind not only for you, but for your customers as well.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.