12 Steps to Mitigate Cyber Threats
By Phil Hamrick
Every organization is susceptible to an organized attack, therefore every organization has to protect all data and prepare for the worst. Hacks are very sophisticated, and cyber thieves are quick to pounce on company targets that don’t regularly patch the software across their whole enterprise. We recently saw this with the Equifax breach. Companies need to put an Incident Response (IR) plan in place (Equifax did not have an IR plan in place). So, what steps should be taken to help avoid such cyber threats? Below is a 12-step plan:
1) Secure buy-in from Senior leadership. This is a must! Balance security budget vs. amount of risk your company executives are willing to assume.
2) Continuous employee education, plus necessity to strengthen policy on PW protection.
3) Monitor network traffic for suspicious activity – can you “see” in & outbound encrypted messages?
4) Upgrade and patch software immediately and promptly. This must be done frequently as patches are released by the software vendor.
5) Implement robust Endpoint security to protect your business from zero-day malware & user mistakes.
6) Upgrade Authentication inside and out – including mobility & IoT policies.
7) Harden external facing web applications.
8) Know where sensitive data resides, then develop data protection strategy to include encryption monitoring.
9) Develop and implement real-time monitoring strategy and analysis of log files and wire data.
10) Implement rigorous application development testing and code reviews.
11) Perform annual penetration assessments and vulnerability assessments.
12) Prepare for the worst case scenario. Develop emergency incident response (IR) plans.
There are several ways Champion can assist our clients in developing IR plans. We also deliver a pre-packed set of Incident Response runbooks that assist with putting policies in place for all types of incidents.
Our SecurityOps team can assist with creating a multi-tiered security strategy. A great way to start is to take our Security survey (https://securityrisksurvey.com/), which is designed to show companies if they have the necessary “tiers” of security and redundancy.
For more information about our security services, visit: https://www.championsg.com/services/security or call 800-771-7000.