What’s Your Cyber Security Strategy? Technology is evolving. So are the techniques and tactics of cyber security threats. Here are best practices to apply into your cyber security strategy. Published on 31 May, 2016 Technology is evolving. So are the techniques and tactics of cyber security threats. Here are best practices to apply into your cyber security strategy. Recent revelations revealed that a shocking number of UK businesses don’t have a cybersecurity blueprint in place. We illustrated the Top 5 Cyber Security Threats to Your Organisational Data, and now we’re looking at how organisational leaders can take initiatives to develop, create, and strengthen their cyber security measures and network perimeters. Understand Your Risks At one point, firewalls were enough to protect a business. Today’s technology has evolved at an unprecedented scale and rate, and so has the sophistication of tactics behind hacking and other forms of cybercrime. Virtual, traditional, and hybrid networks require different types of protection and defense. Organisations are now tasked with providing security for the entire network infrastructure, including its users. In the US, cyber security crime has made shockwaves. Four years ago, Robert S. Mueller, Director of the Federal Bureau of Investigation, remarked on the growing state of cyber security issues: “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” Now in 2016, with an abundant awareness on the lack of cyber security structure in UK businesses, many organisational leaders are scrambling to take back control of their data. “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” Robert S. Mueller March 2012 Creating a response plan is essential. However, many threats don’t come alone. Advanced persistent threats (APTs) are challenging when it comes to maintaining security. These threats use multiple attack vectors and entry points to commandeer defense mechanisms, with the ability to breach a network in mere minutes, but escape detection for months. Likewise, other cyber security threats come in droves and purposely raise alerts to distract security teams from other network activity. This, in combination with false alarms, can cause alert fatigue – costing UK organisations £885,000 annually. Organisational leaders must be able to communicate with security professionals and IT departments to improve prevention, detection, and resolvement of APTs and other cyber security threats. Enforce Employee Accountability Every employee at an organisation has a different role. Each employee role grants them access to different data. It is critical that each employee understands who has access to what. As such, every employee should be held accountable. A data compromise or a cyber security breach doesn’t have to be an overtly advanced tactic. Sometimes, a security compromise is as easy as leaving an unattended computer logged in, or an unprotected device out in the open for the taking. Employees should be restricted to network data and be given proper facility clearances. There should be some form of literature that catalogues these restrictions and clearly details the levels of security clearances. Additionally, this document should illustrate when an organisation’s facilities are accessible to particular groups of employees. Employee accountability should also be enforced for security and IT teams. Role-based access controls (RBAC) must be regulated. RBAC restricts users’ access to computer and network resources within a team or organisation. This means employees are kept on a need-to-know basis, and are given varying degrees of access, depending on relevance and necessity, to data and file modification rights. Update Security Policies Cyber security risks have changed in their nature, scope, and damaging potential. Organisations are now employing different modalities in their internal and external communications. Bring Your Own Device (BYOD) policies have been established in many businesses to reduce and control enterprise costs. However, when adopting a BYOD policy, there are numerous risks incurred. Even if an organisation hands out PCs, employees are likely to access email and other sensitive data through use of their personal smartphones and tablets. Endpoint protection measures must be installed onto devices and remote desktops. This stratagem should include: User download restrictions Enforced password credential updates Access to a virtual private network Password tokens, like cryptocards, for secure login As more endpoints are added into the network environment, security policies and measures must be suitably updated to reflect these changes. Train Your Security Staff Sometimes what’s masqueraded as a performance issue – network latency, application unavailability, degraded quality of service – is actually a manifesting security issue. Would your team know the difference? It’s of paramount importance to have insight into the nature of your network, and to recognise the differences between a performance issue and security issue. Along with general security policies, a security response plan must be developed. This plan should be implemented, maintained, and updated to prevent, detect, and respond to network incidents. Each member of security staff should be knowledgeable on how to identify and escalate issues to the appropriate support tiers. Your response plan should detail different types of security issues and the level of urgency. These issues vary and can include cloud breaches, APTs, malware, and phishing campaigns. Your Secured Content Mimeo deals with a lot of mission critical, and highly sensitive, organisational data from every industry. As a result, we are entrusted to protect data with end-to-end security detection, and in defense security management and protocols. Mimeo’s cyber security team has carefully taken into consideration complete network and end user protection through strengthened encrypted data transfers and critical data safeguards. This includes recording and capturing all transfers on our internal network, and encrypting your data from the time of upload to deletion – at rest and in flight. In addition to regular audits and network penetration tests, Mimeo utilises a PCI compliant payment portal. This means your content, your organisational data, and your financial data is robustly secured. twitter Tweet facebook Share pinterest Pin Mimeo Marketing Team Mimeo is a global online print provider with a mission to give customers back their time. By combining front and back-end technology with a lean production model, Mimeo is the only company in the industry to guarantee your late-night print order will be produced, shipped, and delivered by 8 am the next morning. For more information, visit mimeo.com and see how Mimeo’s solutions can help you save time today.