Just as people make New Year’s Resolutions related to personal goals, companies should also take the beginning of the year as an opportunity to reflect on areas of improvement, with cybersecurity being one of the most pertinent. The number of data breaches only increased in 2017, further proving that no organization or individual is immune from falling victim to a cyberattack.
It’s time for companies to reassess their current cyber-defenses and go beyond traditional cybersecurity methods by adding fail-safes to help ensure continued operational health. A comprehensive defense strategy is multi-layered and should include not only the most robust technology available, but also emphasize employee education and training to mitigate internal risk. Below are some critical precautions and policies for organizations to consider in the new year.
- Are passwords enough?
Last year, we predicted that days of the password would soon come to an end and while we’re not there yet, many security professionals agree this is on the horizon. As authentication trends evolve, companies need to stay updated on the technology available to protect personally identifiable information (PII). While multi-factor authentication is a crucial first step, organizations should also consider their artificial intelligence (AI) platforms and ensure security providers use patented technology to help keep hackers out. - Monitor emerging threats in the Internet of Things (IoT)
With the rapid increase in smart devices, it’s difficult to predict the next commonly-used product to join the IoT ecosystem. This uncertainty should raise some concern. As more consumers and businesses surround themselves with smart devices, cybercriminals will have more targets than ever before. Companies can help prepare for today’s hacking capabilities by identifying and addressing vulnerable, internet-connected areas, and factoring IoT-specific risks into their response plans. We include some ideas on how to do this in our 2018 Data Breach Industry Forecast. - Create a data breach response team
While many companies spend substantial time bolstering their IT systems and implementing defensive policies, some forget to revisit their data breach response plan and assemble a team ready to spring into action in the event of an attack. Cyberattacks compromise more than data; they can deal a significant blow to a company’s reputation and their customers’ trust. A data response plan should include threats to anticipate and details on how a company can respond to mend the damage in the wake of a cyberattack.
Your data breach response team should be composed of seven inter-organizational divisions:
- Information technology (IT) — The IT team identifies and stops the breach, as well as assesses the incident and is instrumental in implementing future defenses.
- Incident leader — Someone to coordinate the various divisions and efficiently manage the fallout and response.
- Executive leaders — Key decision makers who help your team plan for the resources and support you need.
- Legal — It’s essential to have people who know the legal ins and outs of compliance and privacy laws.
- Public relations (PR) — A strong PR team will help ensure effective communications to your key external audiences and with maintaining your brand reputation in the wake of a breach.
- Customer care — Those who will primarily be there to answer questions and concerns from customers.
- Human resources — Those who will address concerns from employees who may have had their data compromised.
The threats from cybercriminals are real, but having a solid plan in place helps businesses respond to an attack and protect themselves and their customers both now and in the future.