The WTIA recently hosted an IT security panel discussion on data breaches and how companies can work to prevent them.
Our own, Lee Pallat, Director of Cloud Strategy, led the discussion, along with panelists Jeff Costlow, Software Security Architect at Tempered Networks, Johnathan Norman, Co-Founder and Cloud Solutions Architect at Alert Logic, and Steve White, Director of Security and Compliance at CenturyLink Cloud.
Here are a few key takeaways from the security panel:
- It’s not a matter of if your company will be hacked, but when your company will be hacked – prevention and knowledge are key to prevention.
- A good security solution shouldn't slow down your employee’s productivity.
- You need to protect your company from end-to-end – from servers to end-user devices.
- Separate the reality of an exploit with its potential impact; be careful of the hype cycle.
- Recommended data breach reading – “The Exploit Intelligence Project”, written by Dan Guido, a security specialist with iSec Partners.
- C-Levels and board members are starting to pay attention to security risks – invest in prevention now.
- Pay attention to current class-action law suits; there are lessons to be learned. Data Breach Today is a good source for the latest news.
- Developers are pressured to write code quickly, don’t throw them under the bus. Hire a separate entity or third party to test the code.
Here is the recorded IT Security Panel discussion in its entirety if you would like to hear more about breaches.
For more cybersecurity prevention tactics, keep reading. Below are Seven tactics from an Entrepreneur.com article put out earlier this year -
Build the business around security
Security needs to be built into every aspect of a business – you are only as strong as your weakest link. Keep this in mind when bringing on new vendors, services and applications.
Strengthen every link in the chain
It only takes one weak component to destabilize an entire business. Train all employees on security awareness and possible ways hackers can get in – adopt a “trust no one mentality”. Make sure you are aware of the security measures your vendors are taking and where their responsibility ends and yours begins.
Get your workflows right
Build awareness and adjust methodologies so security becomes a part of the cyclical workflow. If software is produced internally, be aware of development and operations workflows, and be constantly thinking about how operations can be connected with development.
Encrypt just about everything
Follow best practices when it comes to encryption. Encrypt web traffic and make sure laptops have encryption turned on. Most vendors have the capability to remotely wipe information if a device is compromised.
Invest in security
Just like any other part of a business plan, security needs to be budgeted. Hackers often have the latest tools and adapt quickly, so benchmark spending and invest in ahead-of-the-curve technology. The price tag for security services vary, regularly reassess and reinvest. When it makes sense, outsource security prevention or parts of your security prevention plan to external experts. They have access to the latest and greatest trends, tools, and tactics.
Build awareness into your continuity plan
If “security response” hasn’t been rolled into the continuity plan, do so immediately. If a reliable way to solve security problems does exist, then it’s through awareness of threats and tools. Be constantly aware of the risks, and prepared to react against security slips.
Unite against hackers
Don’t face the problem alone. Businesses can build safety in numbers by spreading awareness about secure practices, uniting with others and encouraging everybody to be aware of the latest developments in threat protection.
To identify any gaps in your current security solution, schedule a complete IT infrastructure assessment with one of our experts here.