The Only Good News in the Cyber Security Industry

cyber crime investment snapshot

Six months in and 2015 has already brought headline after headline of security scandals, breaches, hacks and more bad news in the world of cyber security. While 2014 was dubbed the ‘year of the hack’, 2015 unfortunately appears to be a continuation.

Motif Investing, an online only brokerage allows for investments into trendy portfolios of stocks. The Cyber Security motif which includes a conglomerate of companies aimed at protecting businesses is up 36.6%, beating out the S&P’s 5% return to date.

What is clear in 2015, is everyone is investing in cyber security from stock traders to criminals. As the CEO of a technology consulting business, it’s a client’s worse fear to lose customer data and be breached. Yet, many business owners don’t know where to begin and don’t invest in safeguards. Follow these rules for a more secure technology infrastructure.

Invest in Basic Network Security

Apathy often plagues the small business owner that doesn’t see the return of investing into standard network security measures. Yes, Staples, Target and Home Depot spent millions on preventing cyber attacks and all were breached. However, it doesn’t require millions for a small to mid-market business and it’s expected if tasked with protecting customer or vendor data.

Inevitably, a data breach can and will happen, even to a small business in 2015. Cyber criminals know and understand that many SMB’s leave the door wide open, often with access to much larger vendors and pools of customers data.

If still a skeptic, implement basic security measures to save face. What’s worse than getting breached? Getting breached without a disaster recovery plan, anti-virus protection, encryption of confidential data and more. How the breach happened will get out to your customers and vendors and can easily lead to soured relationships and lost contracts. Is your network secure?

Move from One Time Security Measures to Ongoing Prevention

Too many businesses view security measures as a one time implementation. Realize no amount of investment into initial setup can prevent an attack in the future. The most critical moment of an attack is when it’s happening. Network monitoring allows for safeguards to beef up security and decrease vulnerability in times of need. Part software and part IT consultant, actively monitor networks, files and employee activities for suspicious activities.

Ongoing employee education plays a bigger role, as phishing attacks are on the rise in 2015. Cyber criminals are getting smarter and realizing that sometimes the easiest way to get inside an organization is to ask for access. These aren’t your Nigerian prince schemes, but highly sophisticated attacks that are legitimate enough to fool U.S. Department of Energy Employees.

Hold ongoing sessions and educate employees upfront on what websites are allowed, software access and email phishing schemes.

Target the Weakest Link

Target, the home goods retailer, was breached by an attack on a HVAC contractor with external network access. The weakest link for a global brand was a third party vendor. What access do your third party vendors have to your networks? What is the weakest link and point of entry into your systems, who has access to those systems?

Often the weakest link will be your employees. In addition to preventing phishing attacks, limit access to only necessary applications. Does an intern have access to sensitive company IP? Implement a password protection plan and limit access. Rather than allow a single employee to manage control over company data and passwords, use a system of checks and balances to prevent an employee from leaving with sensitive data.