Don’t be tomorrow’s next big data breach headline

Are you one of the 143 million affected by the Equifax breach? According to a Forbes article, this isn’t the first time they have experienced a breach, and there could be many reasons for the current breach including cross-site scripting (XSS) and failure to update old technology. A researcher discovered a link in the source code on the Equifax consumer sign-in page that pointed to Netscape, a web browser that was discontinued in 2008.

Last year, Yahoo was one of the big cybersecurity stories that brought to the forefront just how damaging a breach can be. And it’s not just a company’s reputation that suffers. The losses from security breaches can be measured in billions of dollars. It only takes one breach to bring down a company’s reputation and wreak havoc on their business.

Is there a sure-fire way to prevent a data breach? No, but following a few guidelines can help immensely with prevention efforts:

  • Monitor access to your data - require multi-step authentication processes for employee access, verifying business reasons for each system access, logging and monitoring employee use to identify unusual system patterns or behaviors, installing secure internet access points, and using IP address profiling to prevent any unauthorized access.
  • Change passwords frequently - something as simple as a password can be detrimental to the safety of your data. There are many preventative actions when it comes to passwords, including using longer passwords with a variety of numbers and symbols, different passwords for different systems, and mandatory password changes every 90 days.
  • Keep software up to date - install anti-virus software on servers and implement application firewalls. Any software or programs that are not up to date can increase risk and serve as an entryway for cyber-criminals.
  • Schedule on-going risk assessments - the digital world is constantly changing and by adding new tools to your business you may also take on greater risk levels and/or liabilities. With periodic assessments, you can assess new areas of concern for potential security risks. Additionally, make sure your written Security Policy is up to date.
  • Use a Defense-in-depth approach - install intrusion detection and prevention, security information and event management, web application security, database security, and endpoint protection systems. These solutions should leverage traditional signature-based approaches, and new behavior-based, machine learning driven technology.

Executives and Board Members do not want to be the next big headline. Stay on top of your security procedures using the guidelines mentioned above. If you are finding it impossible to hire and retain full-time security expertise, leverage a Managed Security Service Provider (MSSP) you trust. You need expert guidance to harden systems, monitor them with a 24X7 SOC, and keep current with the rapidly changing threat landscape.

Here is a recent post on 7 Reasons to Hire a virtual CISO.