5 BEST PRACTICES TO AVOID A CYBER ATTACK
Happy National Cyber Security Awareness Month!
Is Your Organization Safeguarded from a Cyber Attack?
In 2016, the US hit an all-time record: 1,093 data breaches according to a report released by the Identity Theft Resource Center (ITRC) and CyberScout (formerly IDT911). We can only guess that 2017 will follow the same trend with big names like Equifax, HBO, InterContinental Hotels and more announcing large-scale data breaches.
It’s not a matter of if, but when hackers will expose vulnerabilities in your network.
So, what can you do to prevent an attack?
According to the SEC, FINRA and a twist from Canalini Consulting Group, the following five best practices can help you avoid a cyberattack:
1) Governance and Education – It starts at the top with being aware of potential risks and consequences for breaches. This is no longer a time to think it won’t be you. Every industry has been a victim to hackers and there are no signs of this slowing down. Board members, the C-Suite and support teams, need to be educated on the importance of secure best practices and what could happen in the event of a data breach.
If policies and best practices aren’t in place, now is the time to sit down with your team and establish and implement them.
2) Risk Assessment – This is an ongoing process of analyzing and monitoring your environment and should be evaluated on a monthly, quarterly and annual basis. It’s also important to know what the industry standards are. What are other firms doing to protect themselves? Where have they been exposed? What issues are they experiencing? This is no longer a singular issue. Collaboration is needed to raise awareness and stay up to date on incoming threats and technology.
Avoidance is not an effective cyber security solution.
3) Training – Everyone needs to be on the same page when it comes to training. The biggest risk factor for your firm is your employees. It could be an unlocked phone left in a cab, a lost laptop, or an unauthorized document getting sent to the wrong person. Whether it’s a misstep or a malicious act, processes need to be put in place to prevent unnecessary exposure. Training needs to happen before new software and technology is adopted.
“I didn’t know” should never be an excuse for a data breach.
4) Access Management – Access rights for users and groups should be reviewed and monitored on an ongoing basis. Firms should be mapping out who gets access to what files, calendars, and programs. Additionally, policies need to be developed related to termination, role changes, or new employee on boarding. CCG has worked with trade associations and law firms on this issue and has implemented Multi-Factor Authorization as a solution to deter unauthorized access. Employees may resist the extra step at first, but the added security and peace of mind is well worth it.
Does your data operate with an open-door policy?
5) Vendor Management - If you’re like most firms, your current team may need to outsource especially when it comes to IT upgrades and updates. Be sure to have clear expectations and guidelines with your outside vendors to prevent leaks and openings from being created. Before a vendor comes in, they should be vetted and assessed and references should be available on the ready. If your organization doesn’t already have vendor management policies, they should be created and implemented yesterday.
Even if your mom refers a vendor, they still need a background check.
About Canalini Consulting Group
Canalini Consulting Group (CCG) provides full-service cloud-based solutions for law firms, associations, government agencies and for-profit enterprises. Based in our nation's capital, Canalini's seasoned team of Microsoft Certified experts including Solution Architects, Senior Consultants, Systems Engineers, Project Managers, and Corporate Trainers provides customized technology solutions, optimal business process analysis and client-centered strategies. Canalini works in partnership with clients to implement technological solutions to achieve strategic goals, reduce operational costs, and modernize long-term practices. CCG has its finger on the pulse of potential security risks and works with the growing demands of its partners to deliver best in class, leading edge results. CCG is now a Microsoft Gold Cloud Platform Partner. www.canalini.com