Protecting Data from Cyber Security Breaches
4 May, 2015 By: Kathy Vogler, PERRY proTECH
The news is full of cyber security breaches; it is a continual problem that affects everyone. I think there are a lot of misconceptions spread by non-experts who now have a social voice, and by those with ulterior intentions. Let’s break down the basics, which I will address in two sections: your company’s risks (from exterior and interior sources), and the risks your company may have if you are accessing data at your customers’ sites.
Internally, your company needs to be protected by computer security. The CIA triad of protection (Confidentiality, Integrity, Availability) is at the heart of information security. Additionally, many IT security measures add Accountability. The goal of cyber security is to protect data both in transit and at rest. Due to our increasing dependence on information technologies, we also need to address physical security to prevent theft of equipment or information. And, just as important, you will need to include countermeasures such as access controls, awareness training, risk assessment, penetration testing and audits.
It’s important to be proactive and manage your vulnerabilities by continually monitoring your data and equipment to identify potential threats, plan for remediation, and address mitigation of the vulnerabilities you discover. This is not a one-time occurrence; it’s an ongoing battle that requires attention. There are a number of ways to secure your systems, though none of these are fail-proof. Your computer system is only as secure as your weakest link.
Do you have these measures in place and keep them continually updated?
• User access controls
• Firewalls that are properly configured
• Intrusion detection systems
• Up-to-date software and patch management
• Current antivirus and endpoint security for software & hardware
• Backup systems and off-site storage
• Data encryption
• Intrusion detection processes
• A proven disaster recovery / business continuity plan
These measures help, but only with the data and hardware that you can control. Consider the proliferation of BYOD (bring your own device), and that many of your users opt to use cloud-based systems that may or may not be authorized, and/or install software and use devices that may be wide open to cyber-attacks. Mobility is an important feature in our work lives, but it also opens the door to the proverbial Trojan Horse.
In a recent study by SpectorSoft, 47% of companies reported that a former employee took information with them when they left the company, 49% have discovered that employees routinely copy corporate data to USB storage devices, 33% of their end-users reported they transfer work information via personal accounts such as Gmail, and another 23% of those end-users send information to cloud services such as Dropbox. This same report indicated that 44% of insider breaches include intellectual property such as business plans and technology designs.
Unfortunately, the majority of IT security solutions are not designed to defend against insider threats. These solutions don’t stop the action and are not capable of signaling a threat. An estimated 53% of company users are accessing consumer-built cloud services on company-issued computers to transfer corporate data. Scary!
Everyone has heard about the retail chain store Target’s disaster and security breach. Did you know that this malware was actually transferred to the Target network by a vendor? Do you have access to your clients’ networks? Are your people trained to understand the risks and liabilities of an accidental or malicious breach of a client’s data?
Nearly all US states have data protection laws in place that include legal protection for such things as Social Security numbers, credit card information and banking records. Do your employees access the network at clients that fall under PHI (protected health information)? Will your clients want to protect their trade secrets, their employees, their customers? The owner of the data is responsible, and vendor or third-party breaches rank among the top four types of data theft. The average cost of a data breach is $7.2 million and that correlates to about $210 per compromised record. According to McDonald Hopkins, about 90% of cyber-attacks are avoidable through simple or intermediate controls.
Protection of your data is not something to take lightly or leave in the hands of do-it-yourselfers. You need experts designing your strategy and keeping a watchful eye on the operations.
Kathy Vogler is Communications Manager at leading technology, business and solutions provider, PERRY ProTech. For detailed company information, and Kathy’s blogs, visit