There’s No Day Off for Cybersecurity Professionals

The last 12 months saw large corporations, from hotels to internet giants, hit the headlines after suffering crippling data breaches—and it seems like this pattern is set to continue in the coming years. The sheer magnitude and frequency of these attacks are evidence that no matter the size or type of the business, everyone is vulnerable and could fall victim to an attack.

But that doesn’t mean customers will see it that way. Today more than ever, they are rightly concerned about whether their data is safe, but what can be done?

Security best practice always cites that age-old saying, “An ounce of prevention is better than a pound of cure.” Naturally, there are some attacks that are impossible to avoid. There are factors outside our control. As IT professionals, we’re juggling different priorities, anomalies go undetected, and, even if we’re 100% on top of it, sometimes colleagues from other departments could be letting attackers in. That’s not to say there isn’t more we can do to protect ourselves and our organizations.

With more than a billion customers affected by corporate data breaches in 2018, data protection needs to be a priority for organizations 365 days of the year. There are five points that IT pros need to consider if the company and its customers’ data are to remain secure.

  1. IT teams are juggling multiple roles - Industry-standard compliance like HIPAA and PCI DSS relies on real-time visibility into hundreds of security incidents at any one time. Unfortunately, it’s not that simple for smaller organizations. IT pros tend to wear multiple hats and have numerous responsibilities on their shoulders that would, in a larger enterprise, be divided across an entire department. This means that regular checks for vulnerabilities are often overlooked, which in turn leaves the organization open to risk.
  2. Data-driven forensics are essential - IT professionals are their organizations’ undercover detectives. They have to stay on top of what’s normal and the direction of travel for data flowing throughout the business. Even for something as innocuous as an increase or drop in traffic, IT professionals need to ask themselves, why has this happened? Could this be a risk to the business? Should I look into this in more detail? 
  3. Patch, patch, and patch - Over the last couple of years, large-scale, global attacks such as WannaCry pointed to the need for something as simple as a routine patch test. IT pros need to become more mindful of the consequences of not rolling out tests regularly. Sure, patches are thought of as a protective measure, but if they aren’t installed and rolled out frequently, this can be the same as having a massive sign hanging over your organization showing cyber-criminals exactly where to hit so it hurts the most.
  4. The cost of downtime vs. the cost of staying down - In today’s ‘always-on’ world, downtime is not an option. Applications and servers need to be online 24 hours a day, 365 days a year, and 100% available, to avoid unhappy customers and potential lost revenue. Otherwise, the resulting downtime can be costly, but the key thing to remember is that with routine testing and upgrades, we’re talking about losing a few hours through a process that’s entirely within the organization’s control and that can be arranged at a time that causes the least disruption. Compare this to the sheer impact a business would experience in the face of a data breach—it’s always worth taking a moment to consider this alternative.
  5. Humans are targeted as often as machines - While you might have the best security strategy in place and on file, none of this matters if you cannot effectively educate the entire organization on best practices. If certain business departments or individuals aren’t abiding by the basics, then the whole company may as well be opening the front door to hackers. IT pros need all other departments to understand not only what the policies are but also why they exist and the consequences for breaking them.

Eyes and ears all year round
Security has no day off, and with these considerations looming ahead for IT professionals in 2019, the role of monitoring tools will become ever more important in anticipating vulnerabilities, detecting threats, and spotting anomalies. Establishing best practices when it comes to monitoring will help IT pros be the eyes and ears behind the screens, safeguarding organizations from attack. 

In today’s world, with growing threats to organizations and customer data, IT pros need to remain vigilant and ensure that everyone in the business, from the CEO through to the administrative team, is educated on the importance of data protection, 365 days of the year.
