Cyber Security – An Overview for Business Leaders
QUESTIONS? If you would like more detailed information or would like information on how NortheastTel can help your business with Cyber-Security, please call or visit our office today!
(318) 874-7011 • 6402 Howell Avenue, Collinston, Louisiana, 71229
How often do you hear news of data breaches or cyber-attacks?
· 2017 Average Cost of Data Breach – $3.62 Million – securityintelligence.com
· Personal data of 143 million Americans exposed in hack of credit reporting agency Equifax – washingtonpost.com
· Target had 40 million credit and debit cards stolen, exposed the personal information of 70 million shoppers and experienced a 46% drop in profits in Q4 2013 – krebsonsecurity.com
· Hilton’s $700k fine resulting from two breaches in 2105 could be as much as $420 million under the new laws.
· The FTC estimates that recovering from identity theft takes an average of 6 months and 200 hours of work.
Almost daily you can find a news item indicating a new threat or attack. For business leaders, having the information they need to make sound decisions is key to protecting your business. The following information is intended to provide a better understanding of the threats to businesses and the tools available to protect your business.
WHO? Identifying who the attackers are is the first step
towards protecting your business. Due to the nature of the internet,
cyber-attacks can come from anywhere. The attackers can be nation states,
criminal organizations, disgruntled employees, hacktivists, or the kid next
door.
Of all of the attack sources listed, the most difficult to defend against is the disgruntled employee. Because they have already bypassed most or all of the technological defenses put in place, policies and procedures become your best defense. And developing detailed policies and procedures will help your employees to understand the risks and take the necessary precautions to prevent outside attacks from happening as well.
WHAT/WHY? Businesses also need to identify what the attackers are
after. Some attackers are after monetary gains, some are motivated by ideology,
and some are simply malicious acts of vandalism. This often ties directly back
to who the attacker is.
Most people immediately think of the financial losses when considering cyber security breaches. Not only can there be direct financial loss, but each of the types of losses can also cause additional financial losses.
Loss of data, ranging from ransomware attacks to damage to hardware. Here the additional financial loss can be in the ransom paid to restore data, the internal costs of restoring data from backups, and even the costs of replacing storage devices and hard drives.
Loss of intellectual property can range from proprietary information to large scale theft of data, such as the Netflix hack that ransomed “Orange is the New Black” and released it to the internet. In losing this type of data, businesses lose any income that would have been a result of a product or service that is now available from other resources.
Loss of productivity can come in many forms. If automated systems are targeted, then production processes can be shut down. Sales can be affected by disruptions in websites or point of sale systems. If systems and data need to be restored, employees may be unable to perform their duties for an extended period of time.
When privacy data is compromised, whether it be employee or customer data, there can be long term problems for those with compromised data and possible legal action resulting against your business for the mishandling of data. Identity theft can cause damage not only in the form of debt, but also in ruined credit that can take years to repair.
The damage to the reputation of a business that has suffered a breach in data security can be crippling. Rebuilding the trust of employees and customers is sometimes a hurdle that cannot be overcome. The best plan for businesses is to prevent any of these losses through security and education.
WHERE? HOW? Understanding how the attackers are gaining access to your
data will assist in setting up solid lines of defense. Let’s begin with the
internet. The internet is an amazing tool. You can access the internet using
telephones, tablets, laptops and computers – giving you instant access to
information and communication, and allowing you to work from anywhere in the
world. There is no governing body that monitors the internet for bad behavior,
malicious intent, or illegal activities. This means that the job of defending
your business is up to you.
Internet connections, Wi-Fi networks, websites, email, USB thumb drives and smart phones all provide a path that can be used to gain access to your data and systems. The access can be legitimate, but it could also be an attack. Defending these paths to your data requires a combination of technology, education and policies.
Firewalls provide a technological defense by limiting the types of data that can use the path between your office and the Internet. Using encryption and strong passwords on your Wi-Fi networks and email can provide defense by protecting your network, data and systems from unauthorized access. Encryption can also protect data in the event of lost or stolen devices and equipment.
Social engineering and social media are used to find weaknesses in policies and procedures in order to gain access to data and obtain financial gain. Limiting the information that is posted on social media makes it harder for attackers to find the information they would need in order to steal credentials or make requests while impersonating a business executive.
The physical threats to your data come from systems not being secured from improper access. It does no good to have a password on a system when it is then written down and left where it can be easily accessed. Data on any movable device (laptops, tablets, cell phones, and USB thumb drives) should always be encrypted in the event they are ever lost or stolen. USB drives from unknown sources should never be connected to your computers.
Viruses, malware, and spyware can reach you in many different ways. By clicking an unknown link, opening an unexpected email attachment, or even filling out a form online, you may be opening yourself up to an attack. Making sure your systems and software are kept up to date will help to defend against attacks and vulnerabilities.
Insider and privilege misuse come down to education, policies and procedures. No one wants to believe that an employee or affiliate would compromise or steal data. However, the reality is that it does happen, and it is the most difficult type of data breach to prevent and overcome.
HOW DO YOU PROTECT YOUR BUSINESS? Ask yourself the following five questions to see where you are and what areas may need to be addressed in order to protect your business:
1. Are my employees adequately educated about digital threats?
· Educate yourself and your employees to be aware of the sources of attacks.
· Do not use open Wi-Fi networks in public places.
· Never trust email.
· Limit the data you share on social media.
· Develop a system to alert employees of threats.
· Verify the identity of anyone requesting access to data/systems.
2. Is my business’s cyber-security system robust?
· Install a reputable firewall and configure it correctly.
· Protect Wi-Fi networks.
· Maintain a reputable antivirus program.
· Keep computers up to date.
· Restrict administrator access to computers.
3. Are my employees’ mobile devices and personal computers secure?
· Use a VPN to access networks remotely.
· Secure mobile devices and only install apps from trusted companies.
· Do not allow employees to use their own computers or mobile devices.
· Use multi-factor authentication.
4. Is my business protected from emerging threats?
· Use identity theft monitoring services to alert you of suspicious activity.
· Use intrusion detection and intrusion protection systems in your network.
· Subscribe to reputable notification services to alert you of new threats.
· Audit your network, systems, and policies on a regular basis.
5. What can I do right now?
· Develop policies for financial transactions that do not rely only on email or text.
· Never send sensitive data without encryption.
· Require strong passwords.
· Have an outside party audit your network, systems, and policies.