The Realities of Cybersecurity

steve jacob
Technology Trends and Reviews
Oct 13, 2017

Cybersecurity, one of the biggest buzzwords and global technology challenges, can be defined as “the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.” Cyber security threats and risks are everywhere and businesses all want to be secure, from the C-level and Board of Directors down through front-line employees. Recent breaches that have made front-page news strike fear into the hearts of everyone. Larger companies like Target and Sony have the resources to weather the fallout of a cyber security event, but a breach or hack could destroy the reputation and brand of a smaller company. A breach could be especially impactful to a company that survives month to month or does the majority of its business during a particular season.

One would think that with all of the risk associated with cybersecurity, companies would do “whatever it takes” to ensure security. In speaking with industry peers at conferences and technology events, I am surprised to hear that many business leaders do not want to make the sacrifices to be secure. I like to compare cyber security to weight loss; being secure is like wanting to lose 10 pounds. Everyone (myself included) wants to lose 10 pounds, but doing the hard work to lose those 10 pounds takes effort and sacrifice, and only a few can really do what it takes to make that happen. I like to apply that analogy to cyber security. Everyone wants to be secure, but few truly put forth the effort to be secure.

It’s our job as Information Technology (IT) leaders to make the strong case to the business and “close the deal” to ensure that the proper funding and resources are obtained, and most importantly that the business truly buys in. This is a huge challenge for small to mid-sized organizations that are not accustomed to strong controls. Larger organizations have the controls in place.

The goal of cyber security is not to change the way the business functions, but to make things more secure

I definitely hear about resistance to doing things a new way and securely from peers all the time. The avoidance of change itself is often the root cause of anxiety and not the actual cyber security initiative. The following are a few examples of business resistance to cyber security initiatives seen industry-wide.

Blocking Third Party Email–This is how data leaves the company and viruses get in–bypassing email filtering and controls.
Blocking External Media like USB and CD-ROM–This too is how data leaves the company and viruses get in–bypassing controls.
Blocking Non-Corporate Wireless–Again, a back door in and out of the corporate environment.
Rogue Offices–Offices that do not have the proper controls are a huge corporate security risk.
User Accounts with Admin Rights–This is a big one. Many employees want local admin rights to perform tasks requiring elevated system rights. Malware and viruses can easily propagate through the machine and the network using an account with elevated rights.
Blocking Non-Corporate Application Installs–Nobody needs WeatherBug. Sorry. Application white-listing helps prevent malware from being installed.
Secure Mobile Devices–If you want to get email on a phone, data must be encrypted and the device must be password protected.
Strong Passwords–abc123 is not a strong password.
Folder Restrictions–Ensuring employees have rights to just what they need helps prevent the spread of ransomware.
Managing Social Media–Policies that define what can and can’t be posted by employees. No, you shouldn’t post a photo from your Game of Thrones script on Snapchat.
Managing Physical Security–Lock the doors! Follow a clean-desk policy.
Web Filtering–No, you can’t gamble online using company resources.
