Cybersecurity resolutions for 2018
2018 is already well underway, but it's not too late for businesses to enact the resolutions that will protect themselves and their customers into the new year and beyond.
1) Serious about cybersecurity: Cyber attacks are a problem for organizations of all sizes, posing threats to a company's infrastructure and security. Preparation is key to mitigating risk from ongoing cyber hazards, with the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security partnering on an online initiative encouraging every workplace to guard itself against hackers. NCSA offers a slate of webinars to gird small- and medium-sized businesses from harm, while a Federal Trade Commission guide informs companies how to safeguard their sensitive information.
2) Teaching the breach: The Equifax data breach potentially exposed the personal data of over 100 million Americans, an attack that could impact businesses and consumers for months or years to come.
Employers can take measures to shield themselves and their customers from future breaches, including performing due diligence on contracts they have with Equifax or other companies than handle confidential information. Updating internal passwords, using multifactor authentication to retrieve sensitive data, and tougher client verification procedures can all help lessen an employer's risk of becoming the next Equifax.
3) Catch the phish: Phishing scams are a growing area of concern, as business emails can be compromised by hackers targeting employees with access to company documents. "Spear-phishing" emails and malware are used to infiltrate organizations, with scammers luring workers via official-looking emails asking for financial data, or even requesting money.
Hackers often use spoofed emails that appear similar to a legitimate account, so employees should know to scrutinize email addresses for discrepancies. In addition, companies must work closely with IT staff to flag suspicious emails with similar extensions to the organization. For instance, the legitimate domain name @xyzbusiness.com could flag fraudulent email domains, such as @xyz_business.com or @xyzbusines.com.
4) The IoT ecosystem: More smart devices are connected to the ever-growing Internet of Things, meaning companies need to address vulnerable, Internet-connected areas and create response plans that factor directly into IoT-specific risks.
When implementing IoT applications, organizations must build security testing into the development process, experts say. Businesses should also be educating workers on the dangers of bringing personal devices into the office and using those devices to access privacy-related data.
5) A team response: A dedicated data breach response team will strengthen any cybersecurity defense plan a company has in place. Having a team on call allows a business to both anticipate threats and form an immediate counter to a cyber attack.
OPENonline is a trusted source for comprehensive background screenings. For more information, visit our website.