Every business small or large is exposed to security risks.
According to the identity theft resource center the number of data breaches are on the rise. The number of U.S. data breaches tracked in 2015 totaled 781, according to a recent report released by the Identity Theft Resource Center (ITRC) and sponsored by IDT911™. This represents the second highest year on record since the ITRC began tracking breaches in 2005.
Many business owners believe that cyber crime is something that only happens to big corporations, however times have changed and cyber criminals have realized that most small to medium businesses are inadequately prepared or lack an overall information security strategy. The sophistication of attacks have rendered traditional defenses such as firewalls and antivirus and malware ineffective against todays threats. The only way to deal with these threats is by continually improving your security posture on a regular basis.
While many businesses take adequate precautions to protect their business from physical theft, they do not apply the same principles to cyber security. If you live in a City of 100,000 people you have the chance that one of those people may break into your building. When you are online, your attack window opens up to 3,000,000,000 people online that could potentially hack into your business and steal from you. The scary part is that you may not even realize its happening until its too late.
What can you do to improve your security posture:
- The ISO 27000 information security standard is a great resource for any business to ask the question "What should I be looking at?" While there are many
- Not every item in the standard makes sense for every business however there are many controls that simply make sense for any business.
- Once you decide on which controls are needed, the next step is to formalize policies around those controls.
- Have a solid backup and recovery strategy that is tested on a regular basis. Look at not only whether the backup is successful but whether the strategy you have taken will get you back up and running in an acceptable timeframe.
- Finally, any policy that you implement should be enforced. How do you measure and manage the performance of those controls? The IT investments that you make should provide you visibility into how your business is performing against those established policies.
- Many organizations forget to screen their employees yet many attacks happen internally by disgruntled employees. Putting controls in place to identify assigned assets, secure key IT services, proactively screen employees before hiring them, and having contractual agreements in place are a great start.
- For companies that are using office 365, there are great security and compliance features that can be enabled to protect information from leaving your organizatoon.
- Talk to your insurance agent about cyber security insurance available for your business.
There are alot of resources available by governments as well.
Canadian Cyber Incident Response Center - https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-en.aspx
US Cyber Security Emergency Center - https://www.us-cert.gov/nccic
How can we help?
- As part of our Best Managed Technology Systems standard we have incorporated many controls to immediately improve the security posture of your organization.
- We can quickly provide you with the people, processes, and tools to implement a proactive security strategy, help make your employees more security aware and improve your overall security posture.
- We can quickly conduct a security vulnerability assessment to identifiy any issues that you may have.
- Many organizations are proactively patching their software but this doesn't identify mis-configurartions, end of life technology and other weaknesses. Our services include comprehensive vulnerability assessments that show you an in depth view of your security posture both inside and outside your network .
- Security is ever evolving. You are never done. Having the right balance of risk, cost and protection can help