What do Fortune 100 companies and small businesses have in common? They are both susceptible to cyber security breaches. This may be surprising, as you usually only hear of massive corporations falling victim to cyber security attacks on the news. But it’s true. According to Small Business Trends, 43 percent of cyber attacks are targeted at small businesses.
Of course, that doesn’t mean large-scale organizations shouldn’t take the necessary precautions with securing information. In fact, cyber security has become a key concern to big businesses. Reuters reports that U.S. cyber security premiums totaled $1.35 billion in 2016, according to the National Association of Insurance Commissioners. Any business can benefit from learning and implementing additional methods to keep their digital information secure.
Limit access
Only allow access to sensitive materials (such as passwords, financials, client information, etc.) to those who are required and are trusted to view them. This simple tactic limits the threat of an employee, either accidentally or intentionally, leaking confidential information to outside sources.
Back up data
According to The Federal Trade Commission (FTC), taking steps to protect data in your possession can go a long way toward preventing a security breach. However, breaches can still happen, but backing up data can save a company from tremendous loss. Securing and backing up customer and company data ensures that even in the event of a breach, the company has a full record of the data history.
Dispose of data
Companies generally keep record of sensitive information about employees or consumers, so it is extremely important to ensure that this data remains secured. The FTC suggests if you don’t have a legitimate business need for personally identifying information, don’t keep it or even collect it. If there is a legitimate need for the information, keep it only as long as it is necessary, then dispose of the data responsibility.
Penetration testing
A penetration test determines the efficacy of an organization’s security controls. Many industries and audit standards require periodic penetration tests to be performed (typically annually). With the significant rise in breaches, exposures and attacks, testing and performing gap analysis on your security controls is more important than ever. Experts can simulate a comprehensive “real world” scenario, emulating the methods and attacks a malicious party would attempt against an organization.
Vulnerability assessment
Many industries and audit standards require regular scans and assessments to be performed against your organization. PCI and HIPAA, in particular, require this type of testing to be performed quarterly or each time a major change is made to your environment.
A vulnerability assessment is the “first phase” of a penetration test in many ways, but has a few key differences. Its intended purpose is to identify vulnerabilities and weaknesses in the security perimeter of your organization and its assets. Using a multi-tiered approach, consultants identify vulnerabilities by combining hardware and software based tools, applications and manual investigations.
We commit ourselves to working with our clients to identify the most concerning or sensitive areas to an organization. Feel free to contact us at dfdrconsulting.com or call us at 267-540-3337 to learn more about our services.