“Technology is becoming more and more ubiquitous in the business world. The benefits can be significant, even life changing, but they do not come without threats.”
By Matti Kon, CEO of InfoTech
Advancements in IoT (Internet of Things) coupled with corporations’ growing reliance on technology will no doubt increase cyber-attacks and cybercrimes geared towards a variety of businesses in the next few years. Organizations must be vigilant in their prevention techniques and their reactions to these cybercrimes. As the stakes increase, all organizations should be able to answer these four essential cyber security questions.
1. Do you think like a hacker?
Organized cyber criminals and hacker groups are systematically targeting major industries, including health care, financial and real estate. They are looking to steal trade secrets, proprietary information, client lists and future product designs. More specifically, in the pharmaceutical sector, hackers have been targeting patent-protected drugs precisely to steal trade secrets.
This is why it is essential for companies to understand their assets and think like a hacker. It is vital to know why their company is a target for cyber-attacks. Once a company understands why they would come under attack and what their most important company assets are, they can better safeguard their products and proprietary information.
2. Is your software safe?
While a relatively new concern, companies need to be aware of their internal software. Who developed it, and what languages is it built on? In light of recent attacks, companies must be aware of how their systems are built. Some software products developed on an open source framework are showing vulnerabilities. Hackers penetrate weak code design, causing bugs or theft of valuable company information. Whether a company uses software products that are built internally or externally, the CEOs and top-level executives must be aware of how these systems are built.
They must understand if the code was built from scratch (which is rare these days) or if the framework utilized came from open source. There should also be a general understanding of the code that the software product was written in. New systems built on recycled code can open the door for hackers. Understanding your software will allow your IT professionals to better protect it.
3. Are you monitoring company insiders?
Remember the classic movie line: “The call is coming from inside the house.” This is important to keep in mind. Many organizations are surprised to learn that a majority of cyber security violations start on the inside. While many of these violations by employees are accidental, the biggest thieves of company information, intellectual property, and software code are company insiders.
First, we must separate the two. Accidental violations can be reduced by educating personnel on red flags they should look for, including harmful phishing or email scams. Reiterate company policy, including the ban on or restricted use of USBs for company data. A security breach by an unsuspecting employee can wreak havoc on a business. An employee who unknowingly downloads an infected file to their desktop can mean attacks on the corporate server and the destruction of crucial company data, which cannot be reversed.
However, even more significant are security breaches by company insiders who have access to key data and either steal it for themselves or sell it to third parties for huge gains. Internal controls are key to preventing these types of thefts.
- Keep a list of all employees who have access to critical company data and set up controls to watch for external data transfers.
- Use an encrypted email service internally when discussing key data, product development, and sensitive company operations.
- Perform third-party assessments by a qualified IT Outsourcing firm to audit company CTOs, IT technicians and Senior Executives.
4. If your company falls victim to a cyberattack, what is your contingency plan?
Cybercrimes are becoming inevitable. A strong offense must be coupled with a strong defense. Once a company has been penetrated, they must react immediately. What has been compromised? Was it confidential employee information? Was it intellectual property? A client list?
Once aware of the exact breach, respond. Turn off company Wi-Fi, change passwords, block any ports on the servers that are open to the internet (public), scan firewalls for viruses or intrusions. If needed, restore a full and clean system backup to make sure bad data is not on servers. Companies also need to be clear and forthcoming about the attack. If employee information has been compromised, immediately send out a memo to staff letting them know what happened. If client information has been stolen, share this with them and give them access to the company’s contingency plan.
Technology is becoming more and more ubiquitous in the business world. The benefits can be significant, even life changing, but they do not come without threats. When companies ensure that their IT department is proactively combating security threats and that they have significant contingency plans in place, they are greatly reducing their risks of a disastrous attack. If a company does not have a strong internal IT department, they must contact an IT Outsourcing firm to ensure that their products, business operations and employees are protected.