Nicholas Schmidle of the New Yorker recently asked an important question. To paraphrase: if hackers can access classified files within a company, why is it illegal for a business to hack back?
The HSB Cyber Study estimates that close to 90% of American companies have been hacked. In the United States, government networks are protected by government agencies such as the N.S.A. and the Department of Homeland Security. Private companies, on the other hand, are largely left alone on the battlefield and are often desperately looking for help from the cybersecurity industry.
The cyber-security bill in place might not be perfect, but many are scared to think what would happen if we leveraged it. Will that inspire malicious hackers to improve their skills even more? Will hacking, cracking and virus writing become even more aggressive? We don’t have these answers yet, but what we know for sure is that building a strong security posture is the only legal and proactive solution companies can consider if they want to keep their business continuity uncompromised.
With solutions ranging from Business Continuity Management to Disaster Recovery as a Service (DRaaS), companies can help the private sector mitigate the consequences of disruptive events and stay afloat. Read below to find out how to protect your business from cybersecurity threats by taking these 5 easy steps.
- Verification Stage – It is important for both large businesses and SMEs to pass through this stage. An assessment and gap analysis of a business's security measures is rarely a one-page document with no further suggestions. During this stage, companies have a chance to learn about their internal and external vulnerabilities, including business processes, operations, and the state of resources such as premises, people, third-party suppliers and, of course, technology. This stage might involve penetration testing, also known as a pen test, during which an authorized, simulated attack is performed on a computer system to evaluate the security of a network.
- Business Impact Analysis – In order to better mitigate the consequences of a disruptive event, you need to know, figuratively speaking, how long and how hard the fall will be. To answer this question you will have to look at your business from a new perspective, preferably that of an outsider. First things first: your business functions will have to be rated and ranked. Identifying dependencies will help in assessing the impact of any loss or disruption. Your recovery strategies will be created based on the conclusions from the Assessment and Gap Analysis as well as the Business Impact Analysis.
- Make sure you regularly back up data – These days most businesses are highly reliant on data, and for good reason. Data is a lucrative resource that can either enrich a business strategy or give rise to a completely new business model. Being an asset for an increasing number of companies, it is also a prime target of hackers' attacks. Thus it is important to ensure your data is continuously backed up, preferably in outside cloud storage or on a remote device that is not permanently connected over the local network.
- Keep your IoT devices safe at all times – With the ubiquity of vulnerable IoT devices, it is easy to see how they might become hackers’ next targets and be used as touchpoints for accessing your company’s network. For decades, malicious hackers have been known for targeting the “human factor”, which is claimed to be the least resilient aspect of a security posture in any company. Thus smartphones and tablets, which are often used outside the safety of the office, need special attention, probably even more than the desktop devices themselves. By this we mean keeping mandatory access passwords switched on, keeping your devices and all installed apps updated, and avoiding sending personal or mission-critical data through unsecured Wi-Fi connections. This stage also includes taking extra measures to prevent your staff from downloading potentially harmful apps.
- Prevent malware damage – It’s the first and most obvious thing to do, yet the recent WannaCry attack has proved that organisations and companies still largely neglect this stage, even though it is so important for building cyber-security resilience. Using antivirus software on all computers and laptops can not only reduce the chances of a cyber-attack, but also show your compliance with existing legal regulations if you are collecting or processing customers' data. Other than that, keep your firewall always on to retain a safe buffer between your network and the Internet.