The Buffalo Niagara Partnership hosted a Cybersecurity Seminar on Friday, September 30. Seventy local companies attended this event to get informed regarding how to protect their company’s data, reputation and business. One hears about Cybersecurity attacks every day, and they are on the rise with no end in sight. This can seem like scary stuff, but don’t let this news paralyze you. The first step is getting informed, the next step is getting started. Here are some tips from the event on what to do next.
- Do something
People make the mistake of thinking this won’t affect their business or that it is too overwhelming to do anything. The data indicates that 92% of cyberattacks were not difficult and could have been easily prevented. Start with taking an inventory of authorized and unauthorized devices and software. Know what you’ve got!
- Form an Incident Response Team
Data is liquid gold. Hackers are vying for your data. This issue is not just an IT issue, it is a people issue. Identify those people in your organization that care about the health and welfare of the business. They can be the CFO, CRM expert, V.P. of Sales and Marketing or the HR Generalist. They should be the first people to know there has been a breach and they should contact at least one officer/director/executive within the company, the company’s outside security vendor and the company’s outside legal counsel.
- Be Proactive with your IT Specialist
Whether your IT department is internal or outsourced, be proactive. Take the time to review these top 20 items to help you make sure you have your IT bases covered. Your protection does not have to be over-engineered. Cover the basics, at the very least to start.
- Assess, Test and Gauge
See how your company fares on the Information Technology score card. This score card helps you asses your basic foundation, policies, access control and monitoring devices. Your score will indicate next steps and will help you prioritize your actions.
- Change your Passwords
Passwords should be changed often, never shared with others and should not be lying around. 63% of confirmed data breaches leverage a weak, default or stolen password.
- Protect your Data
It is important to be aware of the content coming in and going out of your organization. Take the time to block certain types of websites and block certain countries. Be suspicious of large data transfers and monitor this on a regular basis.
- Choose who should have Access
Limit the users of your system with administrative rights. Activities by administrators should be logged. Monitor logs for unusual items. Where possible segregate duties.
- Make Quality Assurance Count
Perform audits and other checks on a regular basis. This will help ensure that your controls are actually working. It only takes one time a control is missed for a breach or loss to take place.
Four out of five victims of a breach don’t realize they’ve been attacked for a week or longer. Don’t be a victim. Get informed. Get started.
Thank you to our panel of experts at the Cybersecurity Seminar:
William M. Prohn CISSP, CISA, CGEIT Managing Director of Dopkins, System Consultants, Dopkins & Company, LLP
Steven Murphy, President and Founder of Whiteboard IT Solutions
Dennis C. Vacco, Esq. and B Kevin Burke, JR., Esq. Lippes Mathias Wexler Friedman LLP
Plan on attending CyberSecurity 2.0 Seminar on March 15, 2017 at the Buffalo Niagara Partnership. Register here.