Tuesday, 5 September 2017

Some Tips to Keep Your Enterprise’s Cybersecurity Intact


source: http://northrupcorporation.com
The global cost of cybercrime is forecast to reach $2 trillion by 2019, almost 4 times the estimated cost in 2015. A survey of 540 organizations throughout North America, the UK and Germany found that nearly half had been attacked with ransomware within the past year. Pair this information with the biggest cybersecurity disasters of 2017, such as CIA Vault 7, the 8,761 documents allegedly stolen from the CIA that revealed ‘the majority of [the CIA] hacking arsenal including malware, viruses, trojans,’ etc., and we have a perfect storm in the form of a cyber threat.
Even worse, everyone’s a target — from the smallest SMB to the biggest enterprise — and we’re seeing more and more brazen attacks (see the leaks and hacks we’ve seen in the news, such as the HBO extortion attempt). Worse still, you can have a whole nation-state, a criminal organization, or a lone hacker targeting you.
The difficulty with enterprise cybersecurity is that it can’t be pinned on one specific cause; it’s a multi-faceted issue that includes complex IT environments where older legacy systems sit alongside modern applications, cloud computing that reduces infrastructure costs while adding complexities of its own, human error and a lot more.
And now we reach the crux of the matter: improving your enterprise’s cybersecurity.

Improve Enterprise Cybersecurity

Because an enterprise is made up of many individuals, one of the first and most important things you should do is educate your employees on proper ‘cyber hygiene,’ which includes adopting secure email habits, keeping an eye out for insiders and human error, and using all the tools and information at your disposal to reduce the odds of a cyber threat.

Adopt Secure Email Habits

As anyone with a corporate account that receives dozens or hundreds of emails every day can attest, spam and phishing attempts run rampant. Even though spam filters catch the majority of potentially harmful emails, it’s still important to maintain additional safeguards that act as a secondary line of defense. For example, viewing emails in plain text strips the HTML formatting in which malicious links and embedded viruses may be hidden ‘between the lines.’ It is also a good idea to use multiple email accounts for differing purposes: you can use a primary email for internal communication within the organization and a secondary one for subscriptions and similar things that are wont to attract fishy emails.
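What plain-text viewing changes, shown as an added example that is not part of the original post: a Python sketch that renders a constructed HTML email as text, drops script content, and writes each link's real target beside its label so a mismatch is visible. The sample message, its placeholder hosts, and the names `PlainTextView`, `host` and `plain_text_view` are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the original post); hosts are placeholders.
RAW = """\
From: "IT Helpdesk" <helpdesk@example.com>
Subject: Password expiry notice
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<p><a href="http://login.example.net/reset">https://portal.example.com/reset</a></p>
<script>document.title = "x"</script></body></html>
"""

class PlainTextView(HTMLParser):
    """Render HTML as text, writing each link's real target next to its label."""
    def __init__(self):
        super().__init__()
        self.out, self.links = [], []
        self._href, self._label, self._skip = None, [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip = True                      # active content is never shown
        elif tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = False
        elif tag == "a" and self._href is not None:
            label = "".join(self._label).strip()
            self.links.append((label, self._href))
            self.out.append(f"{label} <{self._href}>")
            self._href = None
    def handle_data(self, data):
        if not self._skip:
            (self.out if self._href is None else self._label).append(data)

def host(url):
    return (urlparse(url).hostname or "").lower()

def plain_text_view(raw):
    body = message_from_string(raw, policy=default).get_body(preferencelist=("html",))
    view = PlainTextView()
    view.feed(body.get_content())
    text = " ".join(" ".join(view.out).split())
    # Flag links whose visible label is itself a URL pointing at a different host.
    mismatched = [(l, h) for l, h in view.links if host(l) and host(l) != host(h)]
    return text, mismatched
```

The check only compares labels that are full URLs with a scheme; a label such as "Click here" is left for the reader to judge from the target shown in angle brackets.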

source: http://www.securelaptop.org

Use All Available Guides and Information At Your Disposal

There are many guides you can use to reduce the possibility of a cyber threat. One such guide, the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, was actually developed in response to President Barack Obama’s Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. Primarily developed by NIST with private sector input, the framework outlines an action plan for organizations to better manage and reduce cybersecurity risks, and also seeks to foster risk and cybersecurity management communication. More specifically:

“The Framework will help an organization to better understand, manage, and reduce its cybersecurity risks. It will assist in determining which activities are most important to assure critical operations and service delivery. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity. By providing a common language to address cybersecurity risk management, it is especially helpful in communicating inside and outside the organization. That includes improving communications, awareness, and understanding between and among IT, planning, and operating units, as well as senior executives of organizations. Organizations also can readily use the Framework to communicate current or desired cybersecurity posture between a buyer or supplier.”
Keep in mind that the framework is a guide, so you should customize it for your specific industry and organization.

Keep An Eye Out for Insiders and Human Error

One final point we’ll touch on today involves people, whether those with malicious intent or those prone to mistakes. On the former, insiders can be employees seeking financial gain through data manipulation or disgruntled employees with an axe to grind. On the latter, accidents happen. An employee may accidentally open the wrong email, divulge the wrong information, or take any number of similar actions where the resulting cyber threat was completely unintended.

source: https://securityintelligence.com
To counter this, make sure to increase cybersecurity awareness, develop strategies for specific instances, test said strategies, and educate all employees on enterprise cybersecurity, including password management and what they share on social media.

Final Thoughts

With cloud computing, the rapid rise of the smartphone, and other technological advances, guarding company data has never been harder or more important. As such, keep backups of critical data (and check that the backup itself doesn’t contain any malware), keep an eye on the privileged accounts that are frequently targeted, set up multi-factor authentication processes, and keep in mind everything we covered today.
