'Tis the Season For…Reassessing Your Security Posture
As we near the end of another year – a year that, as of the beginning of December, has seen 708 publicly reported data breaches resulting in an estimated 81,501,185 records exposed* – now is the perfect time to reassess and optimize your organization’s security posture to prepare for the impending cyber-threats of 2015.
As technology evolves - with more data than ever being shared, stored, and accessed remotely - and with threats becoming ever more sophisticated, businesses need to ensure their approach to security adapts and evolves as well. This means frequently re-evaluating existing defenses and practices to meet the rapid changes inherent in managing critical data in a connected world.
If you’re not routinely reevaluating current systems and practices, or have yet to consider what steps to take to protect your organization, these simple recommendations will get you started on enhancing your security position to meet the challenges of a new year.
- Perform a check against the regulations to which both you AND your customers are subject.
This can take many forms, from government regulations and contractual obligations, to those required as a result of membership in a trade association or via certifications and accreditations.
- Holistically evaluate your organization’s preparedness procedures.
Is your business set up to handle the latest cyber threats? Does your business look similar to others that have been victims lately, whether the threat is from hacktivism, cyber criminals, or cyber terrorists? Do you have policies and procedures in place for a potential attack? Is an encryption program in place to prevent third parties from recovering sensitive data should it be lost? Do you know where your data is, who has access to it and how? These are just some of the questions you should answer to determine your readiness in the event of an attack.
- Get proactive: perform a threat strategy assessment.
Ideally, threat analysis should be a recurring process, performed at frequent intervals to establish that current security defenses are working as intended. However, if your organization has not done so in the last 12 months, both internal and external information vulnerabilities need to be matched against real-world attacks. Testing current threats against your organization’s safeguards and best practices in varying conditions will give you a clearer picture of the integrity of your security systems.
Lastly, do a personal audit of your own passwords and security defenses. Passwords should be changed regularly, but without being prompted or compelled to do so – as businesses often require of employees – we often become complacent and leave ourselves vulnerable. Security tools must also be updated to perform effectively. Be sure you’ve downloaded and installed the latest versions of the tools you use so that security patches and other necessary refreshes of critical features enable them to operate successfully.
*According to idtheftcenter.org, Dec. 2, 2014