2016 saw nearly twice as many records breached as 2015, and nearly three times as many as 2014, according to the Privacy Rights Clearinghouse. The Ponemon Institute’s 2015 data breach study indicates that the average cost of a data breach grew to $3.8 million in 2015, which is a 23% increase from 2014. All indications lead us to conclude that numbers and costs will continue to rise in 2017. Taking the necessary steps now to prevent cyberattacks should be at the top of any company’s list of New Year’s resolutions.
A new year brings new opportunities to learn from the past. To help kick-start this year’s security plans, here are five Cybersecurity Resolutions to consider for 2017:
1. Conduct a Risk Analysis
What threats are most likely to affect your network infrastructure? Are you up to date on compliance? Do you know what measures you need to have in place beyond compliance? Have the conversation with those in the know about what kinds of cyberattacks are trending that may affect you. Consult third-party cybersecurity and InfoSec experts who track this activity for a living. Most importantly, enable your IT and Security teams to take the time to do this work…and do it now.
2. Educate and Protect Privileged Users
This is potentially the single most vital piece of advice for organizations of all sizes to consider. Human error is the weakest link in any network. Cyber-attackers count on humans to make a mistake. Studies and surveys reveal that more than half of all hacks result from human error: opening a phishing email, clicking a malicious link, etc. Studies have shown that employees don’t quit clicking on suspicious materials until the third round of cybersecurity training. Remind them…and remind them again. They must be made aware of the company’s data encryption, compliance, biometric authentication, data protection and security policies.
3. Ensure Your Software, Utilities and Apps Are Up to Date
Regularly updating your software, applications, and firmware, along with regularly updating passwords and patches, can be cumbersome…but it is necessary. If you are doing these updates manually, spend the time and money now to automate update functions and schedule reminders. Address this now to make sure you have the latest fixes installed as soon as they are available. Enterprise password management and hard drive encryption software are among the must-have software for every organization.
4. Have a Contingency Plan
Cyberattacks are continuous and relentless, and they come from every direction. So have a response and recovery plan ready to follow once a breach is discovered. You don’t want to try to navigate a cyberattack and its aftermath on the fly. Gather all necessary and invested players, such as IT, the Security team, legal, PR and top executives, to make sure all get an opportunity to contribute to the plan and are aware of its actions.
5. Assume All Attacks Are Not Final
Companies and organizations often falsely believe that responding to an incident and/or patching a vulnerability means they’ve fully eliminated the threat. However, you can never assume your job is complete. Due to the growing number of multi-stage and multi-vector attacks, cybercriminals are able to compromise more network infrastructure, leading to higher losses.
Where to Start? Visit Softex.com
We all know that New Year’s resolutions are easily made and often broken. Make sure that your cybersecurity resolutions don’t fall off your “to-do” list.