Why is cyber security important for your business? Well, I once heard an expression from a very wise man: “No Publicity is Bad Publicity”. By this, he meant that even bad publicity is better than no publicity. I wonder if any of the following would agree:
Apple, Adobe, Anthem, Community Health Systems, Capital One, Dun & Bradstreet, Estee Lauder, Facebook, First American Financial, Ebay, Equifax, Global Payments, Home Depot, Health Net, Heartland Payment Systems, JP Morgan Chase, LabCorp, LinkedIn, Marriott International, MGM Resorts, Microsoft, Monster, Quest Diagnostics, T-Mobile, Sony, Staples, Target, TJ Maxx, Under Armour, Vodafone, Walgreens, Yahoo, and Zynga.
Each of the above suffered a breach of over 1 million records, and was publicly listed on the NASDAQ Stock Exchange. According to a report by comparitech.com, after three years their average share price performance against the NASDAQ was -15.6%.
In the light of the above, it’s clear that inadequate cyber security is very, very bad for business. But why is cyber security important for your business? And how does it work? In a recent blog, I discussed the increasing importance of publicly displaying your cyber security credentials. The reason is simple: your customers (and suppliers) do not want to be associated with, or be the victims of, a breach in your company.
So, what does cyber security cover and protect my business from?
At face value, the answer to this is simple: it protects you from cyber threats. But it’s not as simple as it might seem. For the purposes of this blog, I thought it might be useful to take a look at cyber security from the perspective of your organisation’s data. After all, in today’s world, your data is your business.
Protecting Your Data at Rest
Your data has to ‘live’ somewhere, whether that be in the cloud, on your IT infrastructure, on your local disk, or (gulp!) on removable media such as a memory stick.
Protecting your data at rest is then fundamentally about answering two questions: Where is my data stored? Who can access it?
The answer to the first question might seem obvious. However, in today’s hyper-connected, home-working world, you might have to try a bit harder to find it than you think. The answer to the second will allow you to formulate a plan for protecting it.
In short, protecting data at rest is about addressing the ‘where’ and the ‘who’ questions with a view to ensuring that data is encrypted wherever it is stored, and that any means of accessing it is protected by layers of user security. A degree of Mobile Device Management (MDM) wouldn’t go amiss here either, to prevent data being moved to unauthorised devices, such as a memory stick.
Protecting Your Data in Motion
It should go without saying that any sensitive information or data that leaves your corporate network should be encrypted. I say ‘should’, but even the UK Government hasn’t quite got the idea, as you can read about in another of our recent blogs.
Protecting data in motion is all about ensuring that data is either encrypted as a payload (e.g. an email attachment), or only travels via an encrypted point-to-point tunnel (e.g. a VPN or HTTPS session).
Protecting Your Data in Use
Protecting your data in use is arguably the most difficult one. Why? Because it involves the most unpredictable component of any IT infrastructure: humans.
Humans have a habit of trying to make their lives easier, without the hassle of following strict procedures and guidelines. After all, they’re simply trying to get their job done … right?
There are several approaches to protecting data in use, including: Data Loss Prevention, Endpoint Protection and User Awareness Training.
Endpoint Protection has moved on from just installing an anti-virus product to an ever-changing battlefront that requires machine intelligence to stay on top of things. You can hear how we are using the latest generation of Artificial Intelligence endpoint protection solutions here.
In the Cloud Era, Data Loss Prevention (DLP) is both a bigger challenge and, with the right solution, an easier problem to address. With the vast majority of our clients now using Microsoft 365 to store, access and share their information, our ability to provide enhanced DLP and compliance adherence has become one of the most important tools in our ever-growing cyber-security toolkit.
In an age of phishing, vishing and smishing, user awareness training is about educating your users continually, whilst providing them with better alternatives to the easy shortcuts that they may choose to adopt. You can hear more about how we can help with this aspect here.
What cyber security does my business need?
The problem is that the range of cyber security technologies available introduces the risk of creating a cyber security ‘solution’ so complicated that the technologies, collectively, make you less secure. At best, a complex stack of technologies can make your security posture opaque, and your ability to respond to an ongoing threat slow and disjointed.
For this reason, we provide our clients with three aspects of cyber security to protect their data at rest, in motion, and in use:
- An end-to-end next-generation cyber security product set that is managed through a single pane of glass. This simplifies the management of the solution, improves overall posture visibility, and reduces to near zero the threat response time required.
- Strict Data Loss Prevention and compliance enforcement in their Microsoft 365 Tenants.
- Phishing awareness training, backed by 24-hour real-time Dark Web scanning, to reduce the risk presented by the ‘human’ factor.
Of course, no cyber security solution is perfect. That’s why we also provide full cloud and on-premises infrastructure recovery solutions for those rare occasions when the bad guys win.
Still not convinced that cyber security is good for your business? Just ask:
Apple, Adobe, Anthem, Community Health Systems, Capital One, Dun & Bradstreet, Estee Lauder, Facebook, First American Financial, Ebay, Equifax, Global Payments, Home Depot, Health Net, Heartland Payment Systems, JP Morgan Chase, LabCorp, LinkedIn, Marriott International, MGM Resorts, Microsoft, Monster, Quest Diagnostics, T-Mobile, Sony, Staples, Target, TJ Maxx, Under Armour, Vodafone, Walgreens, Yahoo, and Zynga.