How To keep Your Business safe From Breaches; The Allison Madison Case



What do The White House, Ashley Madison and Target all have in common? They've all been hacked. Over time a data breach is almost inevitable, so here's how to respond when it happens to your business.






We are living in a golden age for technology, but as brilliant as this is for tech lovers like me, every new trend brings new security challenges and these can create a real headache for businesses of all shapes and sizes.

With reports that hackers were recently able to breach the White House’s unclassified computer network, it’s of little wonder that experts have predicted that the next world war will take place online. But how exactly do you secure your infrastructure to guard against breaches and what needs to be done.

Well publicised breaches in 2014 included eBay, JPMorgan and Staples, and in late 2013, personal data from as many as 70 million Target customerswas stolen, including payment card information, addresses and telephone numbers.

The fallout from this event was catastrophic; on top of obvious financial ramifications, Target faced a public relations nightmare with an onslaught of negative coverage and incalculable reputational damage as a result.

In a survey conducted by the Ponemon Institute, 40% of respondents said that they would not use a debit card when shopping at Target or other retailers that had experienced a breach, and 10% said that they would no longer buy from these companies at all.

With the average cost of a data breach for companies reaching $3.5 million (£2.4 million) in 2014 – a 15% rise on the previous year – this is a threat which mustn’t be taken lightly.
"The way that your company handles a breach when it does occur will mean the difference between immeasurable damage and something that can be fixed"

Hackers are using increasingly sophisticated techniques to access infrastructure with malware becoming harder to detect. One example of new ransomware, CryptoWall, has breached over 40,000 systems in the UK in recent months.

Another example of a recently discovered malware, the Dyre banking trojan, is capable of intercepting a user’s online banking login details to clear out the victim’s bank account. Attacks like these are becoming more prevalent and in the worst cases, the consequences for businesses can be catastrophic.

Of course it’s not just governments and large corporations that need to be concerned. The good news is that there are some simple things you can do as a small business to ensure security without breaking the bank. Any business no matter how large or small, could be at risk – particularly retailers and those which handle personal information.

In this case, compliance with relevant frameworks, such as Payment Card Industry (PCI) regulations, may also be necessary. It might be that you use an ecommerce platform, such as Etsy to sell your products; if this is the case, make sure that your provider is compliant before entering into an agreement.

Likewise, if you process any sensitive data off premise, via a cloud platform or external server for example, you’ll need to ensure this system has appropriate security.


If they can get to the White House, better believe they can get to you

The first thing to remember is that a breach is almost inevitable; in the Ponemon Institute survey, 65% respondents said that the attack evaded existing preventative security controls and 46% said the breach was discovered by accident.

The way that your company handles such an event when it does occur will mean the difference between immeasurable damage and something that can be fixed. Make sure you have a plan in place so that you’re ready to leap into preventative mode when you need to, and take the time to truly understand your infrastructure to recognise where your weak spots are.

If your employees use mobile devices such as smartphones or tablets, remember that these can pose a particular risk. Phishing, social engineering, and endpoint security vulnerabilities make such devices fertile ground for advanced threat penetration campaigns.

Business risk increases dramatically when devices are used both for business and pleasure, particularly if personal apps have vulnerabilities that hackers can leverage to pull business information out of a device, or to insert malware. This in effect makes the device a conduit for infecting backend network systems, so if your business uses a Bring Your Own Device (BYOD) policy, this can be a particular challenge.

According to data from Google’s Our Mobile Planet, the average mobile user downloads 25 apps on their smart phone, each with their own set of permissions. Once the device is connected to your network through the corporate VPN, all this traffic can reach out and touch your network data.

Multiply those applications by the number of users in your organisation and that’s a lot of risk, not to mention the impact both personal and business traffic has on network bandwidth. You could consider implementing a per-app VPN to enable you to choose which apps can and can’t run through your corporate access, and you could also limit the number of files that can be accessed via an app.

In a similar vein, the prospect of storing sensitive data off premise in a public cloud storage system might make you feel uncomfortable, but as a small business, you will probably find that large service providers can offer a higher level of encryption than your company can afford on its own. As with any storage system, use password protection and limit the number of people who can access the most valuable information.

When thinking about how to arm your defences, remember that a single cyber solution provides only one wall of defence to security companies, and that multiple strategies can offer stronger levels of security.


Remember security threats come in all shapes and sizes

Employees act as the first line of defence in any corporate setting; it will probably come as no surprise that, on average, 19% of all messages in corporate inboxes are spam. As well as creating a nuisance, spam emails are commonly used to spread malware and other cyber threats.

With this in mind, it’s vital that employees are aware of the risks and understand how to handle them. Better education for staff will play a key role in protecting your business, and your team members should be trained on a regular basis to keep them up to date.

Centralised management is another necessity. As a small business or startup, it’s likely that you won’t yet have a dedicated IT department, so security systems must be easy to use and manage so that potential issues which arise can be easily and quickly addressed.

An intelligent, flexible system that can be managed centrally is the main priority. This will allow updates to be pushed automatically to all appliances to keep your network up to date and fully protected. Access to networks should be controlled with identity management.

All devices attempting to log onto the network must be examined to verify that they comply with the necessary security policies, such as having antivirus software installed and being updated with the latest signatures.

Building your security strategy isn’t about installing a simple one size fits all solution - different businesses will have different needs and priorities. Developments in technology mean that you will be able to find a solution for every security challenge, but take the time to understand what options are available before making an investment.

0 comments:

Post a Comment

I love your comments, yes You!!! It motivates me to blog harder. Don't hesitate to leave your comment anytime ,whenever you visit here.

Disclaimer: All comments on shamzy.com are that of the readers and not Shamzy's and do not express our (Shamzy's) view(s). Readers are liable for their comments. However, if you want me to put down a post, you can mail me to that effect, should in case you want to use the comments against me, remember we aren't laymen.
For inquiries /tip-offs: nathaniel.shammah@gmail.com
instagram :shammahn
twitter : shammahn