As an IT leader responsible for security, you have a lot of challenges. Each year provides a new set of concerns, and you may feel like you are always trying to hit a moving target.
The truth is that you are. Bad actors keep finding new ways to attack new holes in your systems, and you need to stay on our toes all the time.
That said, here are a few quick tips for reducing your digital risk this year.
Get up to date - Number one on your list is of course to make sure that all your systems are up to date with the latest patches, and plugins. Upgrade your applications to the latest versions. If you haven’t already done so, now is a good time to do away with any of your old Windows 7 instances, as it has reached EOL and is no longer supported.
Protect your Identity - Review privacy settings on all applications. If your websites have not already been upgraded to use multifactor authentication, now is the time you should consider doing that. Make sure that you or your employees are never using the same password on any two logins. Have a secure password manager installed on all machines and enforce a strict randomising of password updates. This is one of the weakest points of security in any system and getting people out of this habit will go a long way toward preventing breaches.
Cultivate a security culture - Get people used to the idea of security as being a way of life. Find ways of encouraging people to understand their secure systems. Reward staff for completing training and becoming more aware of any potential vulnerabilities and threats that their activity may have to company systems and security. Communicate success by publishing the names of those who have successfully adhered to these policies.
Be prepared - Always assume that the worst can happen, and that it may already have. Prepare for emergencies. Develop clear plans for disaster recovery and/or data breaches. Work directly with your technology suppliers and business partners to ensure that they have procedures in place; in fact, make it a necessary condition of doing business with your company.
Build your team - Be aware that there is almost always going to be shortage of skills when it comes to Information Security. Regularly train your staff and encourage that they stay up to date with all the latest information regarding various security threats. If you plan to bring on more staff for security, start your hiring process early: there is a shortage of qualified people so assume that it will take longer to fill positions than anticipated. You may need to get around the skills shortage by simply hiring someone with less experience who can be trained up to the level needed. Encourage diversity to widen your talent pool, and consider outsourcing to a managed service provider to fill the gaps.
Take your data seriously - Be aware that customers are becoming more and more savvy about data security. People are choosing brands that respect their privacy. If they believe that you are not, they may likely choose to do business elsewhere. Always put yourself in the shoes of your customers; be clear and transparent about how you use their data.
Look outside - Remember that internal network and perimeter security can only go so far. There is a strong likelihood that important and valuable information about your employees, customers, or systems infrastructure is already being shared and sold by bad actors on both the Dark Web and the Surface Web. Constantly monitor external marketplaces for your information.
Enlist Skurio to help you get started with BreachAlert so you’re always one step ahead of the game and beat the bad actors where they work!