By Dennis Jones
Breaches are happening because cybersecurity threats are evolving in kind and scope, while information security remains slow to change. The price if you’re caught napping? You lose customers, partners and credibility, all of which take time, effort and money to recover. Start implementing our cybersecurity breach prevention, detection and response best practices:
- Know the significance of your mobile data. Sometimes, businesses store sensitive data and don’t even know it. Identify whether you hold any sensitive data.
- Maintain good data hygiene. Often, employees aren’t being trained to uphold simple security best practices, making users their (and your) own worst enemy. For instance, this year 81% of data breaches occurred through stolen or weak passwords, a full 18% increase over last year. Educate your users and make sure that training sticks. And don’t stop there. Segment and monitor your networks, and upgrade your systems.
- Ensure you are securing both data at rest (in your database) and data in transit (whether on an app or in the cloud). Make sure you encrypt and/or tokenize your data.
- Assume you’ll be breached and test your plans. Invest in proper prevention and intervention technology.
If you do get breached, how should you respond?
- Minimize the scope of the intrusion. Containment needs to occur with machine speed, proficiency and urgency. Have a detailed playbook, one that addresses how to change your firewall policy, block compromised users, etc.
- Get redundant systems back up to quickly restore your operations. As an aside: given the proliferation of ransomware attacks, there’s been movement toward a tertiary backup model.
- Keep your playbooks updated with lessons learned.