Tech Report

By: Megan Nichols

In a relatively brief span of about 20 years, advances in network technology and computing power have not only completely reshaped our society, but transformed the way we do business.

The estimated volume of information archived in cyberspace was at 1.2 million terabytes in 2013. That number increases every day, and if you’ve ever made a purchase online, sent an instant message, or liked a Facebook post, there’s a corner of the internet devoted to your personal information.

Cybercrime, once the topic of far-flung novels and movies, has become an imposing antagonist in this new reality. There will come a day when regulation and legal precedent can be executed in real time to stop cybercriminals, but we’re not there yet, and chances are it’s going to be a while.

That poses some severe implications for anyone running a business as we approach the fourth industrial revolution. The onus is on you to protect the personal information of your company and your employees. Criminals want to exploit this information, for profit, and getting in front of them can be the difference between staying in business and early retirement.

Let’s take a look at some key areas you need to consider with developing an information security strategy:

Your Network
Your business will have a dedicated network used by employees to move data and perform business operations. As a crucial piece of your business’ infrastructure, you must ensure that threats are not allowed to propagate through your business’ network.

A compromise can take the form of a data breach, denial-of-service (DOS) attack, or malware encryption infection, to name a few potentially crippling exploits. Prevent access from outsiders by using a secure firewall, encrypted communication, reputation-based email, and file scanning, and 2-factor authentication and on-premise policies for users.

Last, perform penetration testing, or ‘pen testing’ to see how secure your solution is. Many information security vendors can offer this as a service, and it can be invaluable in identifying possible attack vectors that might go overlooked otherwise.

 

The Cloud

The availability of low-cost, high-volume computing resources in the cloud has revolutionized the Software-as-a-service (SAAS) workspace, but it’s important to be vigilant when you make use of these solutions. Because of their high visibility, large cloud environments can be targets for cyber-attacks that affect all users of a given service.

If you use a cloud resource, consult an IT professional about managing remote access permissions between the cloud and your environment. Make sure you are in contact with the team managing your cloud solution so that they can notify you of any potential threats, and verify that logging is arranged on your cloud properties so that you have an audit trail in the case of an event.

Devices & Apps

It used to be that a business phone was a sign of stature, but then we got smart and realized carrying two phones is a drag. With more companies allowing bring-your-own-device policies, it’s important to ensure that employee devices aren’t suseptable attack vectors.

 
Device monitoring software such as Airwatch can be utilized by your IT department to make sure that unwelcome 3rd-party software is not allowed on devices with access to company data.

 
Enforce an authentication and content security policy for devices so that only your employees can use a mobile device on the company network, and make sure that employees agree to terms of use that allow your IT department to regulate any apps present.

Data

Data is suddenly the world’s most abundant and valuable commodity. Protecting comany data should be a top priority. A security standard like the ISO 27001 is an information security management standard that allows IT departments to manage and assess risks. At the very least a breach can lead to bad PR; worst case scenario is the loss of the wrong data crippling an entire company.

Many states are working to develop legal standards to dictate what is required when a business that houses public data suffers a breach. California has been a leader in this regard by requiring companies to advise their users on steps to take to mitigate the impact of such an incident.

Even if you don’t house data from outside users, however, it’s a good idea to take every precaution against data loss. Make sure that your data is compliant with SSAE 16, SAS 70 and SOC 2 security standards. Clients on your network (terminal computers) should be tested to see that they are HIPPA and PCI certified.

As with the other key areas, many network security providers can provide consultative services and advice about how to arrange firewalls, permissions, and local security policies to achieve these certifications.

Fighting Back

The FBI has taken a stand against cyber security, and while we are starting to see some progress in the debilitation of botnets like Windigo and Srizbi, there remain an unquestionably high number of hackers that go unpunished for their crimes.

 

As network security advances and we become more familiar with means of tracking down the individuals responsible, our ability to take the fight to the perpetrators will inevitably increase.
For now, however, there is no better offense than a good defense. Many network security providers are using reputation-based cloud technology to gather information about potential threats through their software on client computers, so make sure to participate in such programs if you want to help bring cyber-criminals to justice.

 

About the Author:

megannicholsMegan Nichols is the editor of Schooled by Science. She enjoys writing about the latest innovations in technology and science.

To learn more about NewsWatch on the Discovery Channel, check us out on Tumblr!