Don't panic - security breaches

Xbox, Intercontinental Hotels, Arby’s, Verifone (the largest manufacturer of point-of-sale terminals) and Dun & Bradstreet, among many other organizations, all had data breaches in 2017 and 2018. Data breaches at companies this size generally compromise millions of records, likely including some of your own, and can do irreversible damage to your organization and the customers you serve.

 

Understanding where your department sits on the security spectrum

Do you know what questions to ask to protect yourself or when investing in security software? Is there a plan in place if a breach occurs, despite rigorous security measures? How will you be affected? How will your customers? The number of questions to address can seem endless and overwhelming, especially when you are starting to evaluate your cybersecurity efforts. Consider the following key points to start:

 

Begin with CIA

There are three areas in cybersecurity, commonly called the CIA: Confidentiality, Integrity and Availability. Start by identifying each of your organization’s assets: tangible, intangible and digital. Then run through CIA with each asset to identify gaps in protection or priorities to address.

 

Confidentiality

Do you hold information or data that, if disclosed without permission, could harm either your company or the customers of your organization? Examples include patient records, human resources records, and financial documents, which, until publicly released, are all confidential. After listing all business assets within your company, start organizing the assets by how important their confidentiality is and outlining the special measures needed to protect them.

 

Integrity

How would alteration of a confidential record impact a customer or your organization? Imagine that you have a lethal reaction to penicillin and your records were compromised and your medical chart altered. It is easy to imagine the consequences that could produce.

 

Availability

What does it cost your customers to be without access to your products and services? Before cybersecurity issues, it was easier to “guarantee” availability with back-up generators and back-up systems. Today, we need those as well as defense systems against cyber criminals.

 

Enterprise security has undergone a serious change over the past few decades, brought on by advances in technology such as new mobile devices, cloud computing, artificial intelligence and more. CIOs and security specialists have been under enormous pressure to keep their networks, data and assets safe and secure in this increasingly sophisticated threat landscape. It's critical that professionals stay on top of new security scenarios to counter the threats of today’s hackers, criminals and cyber-terrorists. Consider Watch IT’s online course series Enterprise Security: Exploring a risk-centric and threat centric approach, offered through OpenSesame, to better prepare your employees to cope with the security risks and challenges that come with today’s complex and rapidly evolving enterprise environment.

 

OpenSesame offers the world’s most comprehensive library of elearning courses to help build the most productive and admired workforces. Contact us at (503) 808-1268 or support@opensesame.com for more information.

 

By: Ann Boland, EVP Marketing and Brand Management at NeuVanta, parent company of Watch IT.