BreachExchange mailing list archives

7 Ways to Stay Ahead of Hackers and Keep Your Company's Data Safe


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Feb 2015 14:36:02 -0700

http://finance.yahoo.com/news/7-ways-stay-ahead-hackers-204500298.html

When news about a data breach breaks, it’s tempting for people to just roll
their eyes and return to their overflowing to-do lists. But these threats
are getting closer and closer to seriously affecting individuals’ own
precious data. Turning a blind eye could be the death of their budding
businesses.

Big-name Sony Pictures is the latest in a long line of brands that have
garnered attention for the wrong reasons. In November, Sony was hacked,
leaving a number of financial records vulnerable after one of its servers
was compromised -- not to mention the embarrassing pre-release of a bunch
of movies the company didn’t want out yet, at a cost in lost revenue that
is immeasurable.

The U.S. Postal Service is another scary example. The breach, which
potentially endangered more than 800,000 employees, customers and even top
directors’ data, shows just how easily threats can undermine even the most
trusted organizations.

Yet, many people still think that data-hacking is at a safe distance.
They’re aware of threats on the horizon, but because they’re not directly
affected, they don’t spend the time and money to build secure practices.
However, members of the business community can’t allow themselves to become
immune to the bad news of each new breach.

The scariest thing about the data-hacking trend is that no one knows what
form it will take next. That being said, business leaders need to arm their
businesses now so they can adapt to the next threat. Here are seven steps
to get started:

1. Build the business around security.

Security needs to be built into every aspect of a business. Establishing
security controls often becomes more complicated the longer businesses
wait, so it’s easiest and safest to found every aspect of a business with
security in mind.

2. Strengthen every link in the chain.

As Sony discovered, it only takes one weak component to destabilize a whole
business. Train every single employee to have security awareness. When
working with engineers or third parties, make sure they have secure
mindsets and don’t allow anything to be distributed until it’s absolutely
secure.

3. Get your workflows right.

Secure DevOps isn’t a buzzword. Build awareness and adjust methodologies so
security becomes a part of the cyclical workflow. If software is produced
internally, be aware of development and operations workflows, and be
constantly thinking about how operations can be connected with development.

4. Encrypt just about everything.

Follow best practices when it comes to encryption. Encrypt web traffic and
make sure laptops have encryption turned on. Most vendors, including
Apple, have the capability to remotely wipe information if a device is
compromised. Use it.

5. Invest in security.

Just like any other part of a business plan, security needs to be budgeted.
Attackers often have the latest tools and adapt quickly, so benchmark
spending and invest in ahead-of-the-curve technology. The price tag for
security needs varies, so regularly reassess and reinvest.

6. Build awareness into your continuity plan.

If “security response” hasn’t been rolled into the continuity plan, do so
immediately. If a reliable way to solve security problems does exist, then
it’s through awareness of threats and tools. Be constantly aware of the
risks, and prepared to react against security slips.

7. Unite against hackers.

Don’t face the problem of data-hacking alone. Businesses can build safety
in numbers by spreading awareness about secure practices, uniting with
others and encouraging everybody to be aware of the latest developments in
threats and protection.

Expert, dedicated hackers are patient criminals. They’re ready to adapt and
bring new, unforeseen infringements into the next news bulletin. But next
time, instead of rolling their eyes, business leaders need to show them the
force of up-to-the-minute technology, well-funded strategies and aggressive
resistance. Data’s integrity depends on it.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
