It is said that more data and information was generated in 2012 than in the previous 5,000 years. If this is true, we need to be more vigilant with our privacy and security. The digital era requires that we take time to instill practices, both proactive and reactive, strategic and tactical, including cultural practices, policies and procedures, in our day-to-day logistics around privacy and data security.
The big box stores, whether online or brick and mortar, may appear secure, yet they are at risk. As we have learned, Target was indeed the target. T.J. Maxx, Home Depot and others have all been breached.
Both businesses and consumers can benefit from these privacy and security tips.
A good way to protect yourself is to think of online, cyber and mobile transactions as you would of going into a bad neighborhood. Keep your eyes open.
Three cybersecurity trends and tips from four Cleveland experts
From data center facility-based cloud operator Kevin Goodman, managing director and partner, BlueBridge Networks
TREND: “The cybersecurity threat is asymmetric and the potential impact is exponential. The unfortunate reality is that the bad guys only have to get it right once; organizations have to get it right 100% of the time.”
1. “Defense in-depth,” which has been the prevailing wisdom for many years, is still critical, but it’s not enough. Enterprise organizations such as Target, Chase Bank and Sony, among others, have experienced significant security resources but were still breached. Companies must work smarter and harder, as the effort must be ongoing and vigilant.
2. Integration and analytics is now one of the most important things that organizations need to be capable of in order to actively defend their networks. The unfortunate reality is not if you’re breached but when you’re breached. The question is how quickly will you be able to identify, analyze and act when that breach occurs.
3. Vendor trust becomes paramount. As more services move to the cloud and risks increase, we simultaneously open our network perimeters to third parties. We are trusting more information to outside organizations, but we must trust and verify. You can’t outsource accountability.
From cybersecurity and computer forensics expert Timothy M. Opsitnick, founder, Jurinnov Ltd.
TREND: “Security must remain a constant focus and practice.”
4. Everyone is a work in progress. Strive for perfection but apply common sense when it comes to security and compliance. Every organization and industry is different. Note that standards are often minimums. Not all companies are the same, and not all data is the same. While the standard may be sufficient for one organization, that does not mean it is appropriate for another. Strive to be unique in what you do as there is added security when you do it differently than others.
5. Practice your incident response plan on a regular periodic basis, just as you would a fire drill. By practicing and going through the motions during a mock attack, your team can get comfortable with the process of containing a breach, eliminating the fear that would otherwise accompany the situation.
6. Ask the right questions. Find out who has access to your data in your organization and outside your organization. You cannot protect it if you do not know where and what type of data your organization or its third parties keep.
From third-party auditor Tom Aumiller, director of information tech, Maloney + Novotny LLC
TREND: “Most data breaches go undetected for over two months. And while we would all agree that prevention is the goal, detecting a breach that has occurred, possibly before it causes damage, is just as important.”
The steps to take to recognize a problem:
7. Monitor and alert – scans, dashboards, notification alerts, visual panels and other tools for maintaining real-time vigilance.
8. Log events – keep a history of system events, security camera footage, door access and any other critical security points for a reasonable period of time.
9. Review key accounts, devices, and other sensitive assets – automate or manually review key logical and physical access points to your system on a scheduled basis.
Your cybersecurity toolbox should include firewalls, encryption, strong passwords, two-factor authentication, and security awareness training. However, if a problem occurs, you also need the controls in place to identify the vulnerability and any breach in order to minimize damage and mitigate the weakness.
From attorney Michael D. Stovsky, partner and chair of innovations, information technology and intellectual property practice group, Benesch, Friedlander, Coplan & Aronoff LLP
“Understand the laws, rules and regulations that apply to your business and how to comply with them both from a practical business perspective and from a technical perspective.”
10. Understand that cybersecurity is an ESSENTIAL part of doing business effectively and not just a cost center. The consequences of a breach can and will impact your business on the revenue side in ways that you may never see overtly. You will never know how much business you lose from prospective customers who do not trust you to deal competently with cybersecurity issues and who think, “If they cut corners there, where else are they cutting corners?”
11. Have the foresight to see what is likely to occur in the future in the cybersecurity area. This is never going to be a smaller issue with less risk than it is now. It will only get larger and more technically challenging. For example, understand that the directors of companies that choose not to address cybersecurity issues now will likely face personal liability for doing so in the future. D&O will not cover intentionally or negligently failing to address these issues. Plaintiffs’ lawyers will become increasingly creative in their zeal to hold companies accountable. So, do the right thing and make cybersecurity compliance a standard part of your company’s overall compliance program.
12. Be careful how you negotiate your contracts with your IT and data vendors. Most, including the very largest vendors of IT products and services (including cloud vendors), will fully negotiate their contracts in an effort to gain your business. You can and should build in appropriate protections for your business, but knowing what is reasonable in the industry is vitally important. Get good advice and apply that advice as you would in any other commercial area in which you do business.
We live in a data-centric world where, as soon as we gather information, we’re disseminating it. It offers tremendous advantages in timeliness and efficiency, but the flip side is security and corporate responsibility. There are 1,001 ways to rob the bank. You have to come up with 1,002 ways to prevent it.
Goodman is managing director and partner with BlueBridge Networks, a cloud data center and managed services business headquartered in downtown Cleveland.