What do Sony, Citigroup, and Coca-Cola all have in common?
Each of these companies has been hacked. And they aren’t the only ones.
Technology companies, including Twitter, Facebook, Apple, and Evernote, have also gone public in the last few months about attacks from sophisticated cybercriminals.
In January, the New York Times admitted it had been hacked in a front-page article, despite use of anti-virus software created by security software maker Symantec. The Wall Street Journal came out shortly thereafter to admit it too had been hacked.
And those are just the companies that have decided to go public about the attacks. Many more companies that have suffered security breaches simply keep quiet about them, often based on advice from their lawyers.
Preventing A Breach of Security
Unfortunately, with the sheer amount of data, devices, entry points, and users in the operations of many companies, it’s almost impossible to be entirely breach-proof. To remain competitive in today’s digital age, companies have to facilitate the flow of information.
However, there are preventative measures companies can take to keep key documentation secure and limit the threat they face. Basic levels of prevention include:
-Use a firewall for all computers
-Ensure they are protected with anti-virus, anti-spyware, and anti-malware software
-Keep software up-to-date
-Back up important information in a secure location in case of data loss
-Lock or turn off computers (which should require a password to log in) whenever they are not in use
-Use strong passwords, including upper and lowercase letters, numbers, symbols, etc.
-Enable encryption on wireless routers
-Educate employees on common “human hack” techniques, such as phishing (which is what allowed the New York Times to be hacked), and how to avoid making their work computers vulnerable
Each of these is an added layer of protection between a company’s computers and a cybercriminal. However, for highly sensitive data (e.g., credit card numbers, financial account information or intellectual property), additional measures should be taken.
Strong preventatives include:
-256-bit encryption of files during file transfer
-Multi-factor authentication for logins
-Audit logs to determine who has accessed sensitive documents and when
-Permission-based roles, set in accordance with who needs to access the information and why
Top-level security also includes storing your sensitive information in a physically secure data center, such as that provided by a secure virtual data room.
Handling a Security Breach
Of course, even with the best intentions and with security measures in place, there is always a small chance that a breach can occur at any company. For that reason, create a Security Breach Plan in advance.
Such a plan sets out the company’s strategy for limiting threats, closing vulnerabilities, and repairing the impact the breach has had. It should include whether or not the company will go public with the information and how it will protect its reputation, augment its resources, mitigate regulatory impact, control spending, and prepare for potential litigation.
With both preventative measures and a security breach management plan in place, a company will be as prepared as possible against the possibility of a cyberattack.