Phishing, Endpoint Management, Compliance Maintenance, Disaster Recovery, Cloud-Based Migrations
How to best use and store data, as well as securing that data and systems are some of the top issues that organizations deal with daily. No matter size or revenue, any company can be targeted and must protect its information. Whether it is a phishing attempt; endpoints that are not secure and are breached; falling out of compliance; improper use of cloud technology and best practices; or recovering data after a disaster, organizations must be alert and prepared.
According to the Ponemon Institute and IBM “2018 Cost of a Data Breach Study,” the average cost due to a breach is $3.86 million worldwide. In the U.S. that number increases to $7.91million. A security breach not only hits an organization financially, it can impact its reputation and the trust of customers. In addition, there is potential for fines and penalties for a breach that allows access to consumer information.
Sometimes it is the most innocuous attempt to crack through security that makes it inside of an organization’s system. Phishing attempts to obtain sensitive information costs organizations about $500 million a year, according to a 2017 Forbes article. And phishing may be one of the most difficult cyber security attacks to control since they could reach any employee through email, and some employees may not realize the potential damage to clicking a link or may believe it is a legitimate message. Phishing attacks can also come through text messages and phone calls.
Phishing emails can appear to come from legitimate websites, banks, trusted companies or even from within the same organization. They often request personal or company information or may contain links connected to malware. To control phishing within an organization staff must be informed of policies and reminded of those policies, including ensuring they:
- Never click on questionable links
- To determine link validity, hover over link to verify its authenticity, i.e., does the URL match the website stated in the email?
- Report phishing attempts to IT
Several phishing attacks made news this year, including an attack using compromised MailChimp accounts that sent out fake invoice notifications and an IRS warning to tax professionals about criminals posing as state accounting and professional associations sending emails to obtain usernames and passwords from tax professionals to access accounts and steal client data.
Securing an organization’s system is challenged today by an increasing number of endpoints – workstations, laptops, tablets, smartphones, Bluetooth accessories and servers. Endpoint management ensures that processes and protocols are in place to restrict network access from unwanted devices, ransomware or malware. Without a diligent focus on endpoint management, organizations can find themselves vulnerable to attacks.
Endpoint management begins with analyzing the system to know what devices are connected and any associated risk. Add to that, appropriate monitoring and patching on an ongoing basis to protect systems from hackers, ransomware and malware.
According to information from the National Institute of Standards and Technology (NIST), as of late October, there were 14,205 new Common Vulnerabilities and Exposures (CVEs) received this year. And, according to the Ponemon Institute’s “2017 State of Endpoint Security Risk” while 69 percent of companies said that endpoint security risk to their organizations had significantly increased over the previous 12 months, only 36 percent had the necessary resources to address the risk.
Compliance Maintenance is essential to avoid security breaches that could result in penalties and a loss of business. Most data breaches occur outside of an audit when organizations are not focused on these measures. But work does not end once certification is complete because data security and compliance maintenance are ongoing needs.
Hackers continue to find new, sophisticated and aggressive ways to exploit a system’s vulnerabilities. According to Heimdel Security, 99 percent of all computers use software that is vulnerable to attack if not updated properly.
To ensure continued compliance, there are tasks organizations should be handling weekly, monthly, quarterly, bi-annually and annually, required for data security certifications and regulatory compliance.
Due to the uncertainty that comes along with a disaster, organizations must ensure Disaster Recovery is an integral part of doing business. The set of policies, tools and procedures enable companies to recover or continue its vital technology infrastructure and systems to support critical business functions, even within a natural or other disaster.
To ensure disaster recovery success, organizations need to setup and test communication and decision tree processes:
- Who is making executive decisions in a disaster? What if they are not available?
- Who is executing technical functions? What if they are not available?
- How and when will employees be notified that the office space is not accessible?
- How frequently will executive level communications be sent?
- How frequently will communications with employees be sent?
- Consider moving your data to the cloud so it can be accessed from anywhere even in the wake of a local disaster.
Migrating data, applications and business elements to a cloud computing environment, not only offers automatic software updates and allows people to work from anywhere, it can improve security and disaster recovery.
First, organizations must understand their application needs by:
Evaluating backup solutions to ensure cloud integration is supported
- Performing data migration activities and then testing application functionality
- Knowing what data is being put into the cloud and the associated standards, regulations or laws
- Evaluation of the cloud provider’s data security capabilities and certifications
- Ensuring the same controls already being met with data security at the physical office locations are met within the cloud environment.
In today’s business world, Microsoft Office 365 has become the standard for disaster recovery and backup.
Using, storing and securing data will continue to be top of mind business practice. Ensuring organizations are handling the tasks correctly is key. Hackers will continue to try to infiltrate organizations to gain valuable information, organizations must be diligent and follow best practices to ensure security, as well as handling disaster recovery.
TECH LOCK experts can help you to better understand the trends and assist your organization appropriately address critical needs. For more information, contact TECH LOCK by clicking here.