For far too many companies, cybersecurity is reactive. The first step is to triage the threat, after which breach remediation can occur.
By the time triage happens, however, much of the damage has already been done. Even if no customer data is stolen, breaches must be reported by law. At that point, reputational damage is unavoidable.
Reactive measures should be a second- or third-line defense. Rather than start with triage, take these steps to prevent breaches in the first place:
1. Update software religiously.
The same virus protection software you used in 2008 will not be effective today. The reason is that new programs have different vulnerabilities than past ones. The same is true of business software.
Patches are updates put out by software vendors that cover known vulnerabilities. Encourage your team to download patches as soon as they’re available. Most data breaches are crimes of opportunity in the sense that hackers play on vulnerabilities people should have already patched.
2. Run penetration testing.
To find out just how secure your company’s systems are, run a test: Ask a cybersecurity expert you trust to try to break in. Often called “ethical hackers,” these people help you find weak spots before criminals do.
Penetration testing is key for custom-built and legacy systems. Because they aren’t mass-market software, the vendor typically doesn’t put out patches. Focus particularly on areas commonly highlighted by your SIEM system.
In some cases, penetration testing can be done automatically with software. In other cases, it must be performed manually. In either case, the goal is to identify vulnerabilities so the sponsor can get ahead of them.
3. Implement a SOAR system.
Your SIEM (security information and event management) system can spot threats, but it can’t stop them. Data security consultants like StratoZen suggest using SOAR (security orchestration, automation and response) tooling to automate your security response.
Even if you have top-notch security experts on your team, they can’t act immediately. Understanding the threat, much less stopping it, takes time. Automation tools kick into gear as soon as they spot suspicious activity on your network.
4. Use multi-factor authentication across the board.
Many programs require nothing more than a username and password to log in. The trouble with that system is that passwords can be guessed, stolen, or cracked by brute force.
Implement multi-factor authentication as a backstop against password vulnerabilities. Using either an associated token or mobile device, multi-factor authentication systems require the user to enter a secondary security code. Unless a cybercriminal has also acquired the device or token — or goes to a lot of trouble, like spoofing a cell tower or domain — they can’t get in.
Take a “when in doubt” approach with multi-factor authentication: Even if you don’t store sensitive data in a particular program, someone may be able to access other systems via an API.
5. Restrict access to sensitive data.
Not everyone on the team needs access to every byte of company data. Marketers shouldn’t be accessing customers’ payment data. The finance team has no reason to poke around the company’s intellectual property.
The more people who can access a certain database, the greater the likelihood that one of them decides to do something malicious with it. Plus, it makes tracking down the culprit that much more difficult.
Operate on an as-needed basis: If someone truly does need access to data unrelated to their job duties, they can ask their manager for approval.
6. Train everyone — not just the IT team — on cybersecurity.
Even if you apply patches like clockwork and penetration-test your own network, you aren’t out of the woods. Because most data breaches are the result of human error, employees who are not on the response team should also receive cybersecurity training.
Cybersecurity is like customer service in the sense that everyone can benefit from learning more about it. Anyone can invite malware in, so everyone must be responsible for keeping it out.
Many best practices in cybersecurity require no technical training. In your training, ask the team to:
- Be wary of emails and links of unknown or suspicious origin.
- Always use unique passwords.
- Never share company data or passwords without confirming the recipient’s identity.
- Avoid connecting personal devices to the company’s network.
- Never send sensitive data over public Wi-Fi networks.
The best defense is a good offense. Rather than trying to triage data security threats as they appear, take the initiative. If you stop even a single threat, your time will be worth it.