BreachExchange mailing list archives

Five Tips for Preventing Cyber-Security Breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 30 Jul 2014 18:49:20 -0600

http://ww2.cfo.com/technology/2014/07/five-tips-preventing-cyber-security-breaches/

Discount retailer Target recently admitted it spent $88 million to improve
its cyber-security systems following last year’s data breach, says finance
resource site Proformative. And the meter is still running, with the firm
most assuredly on the hook for legal costs for defending itself from
lawsuits, not to mention the damage to Target’s reputation. For other
companies and their finance chiefs, the incident highlighted an issue that
has become top of mind, regardless of size or sector.

“Every day there seems to be a new headline reporting another Internet
security breach or data protection lapse — be it hacked credit card data,
the Heartbleed Bug or well-crafted phishing scams luring victims to give up
sensitive information,” writes RoseRyan executive Pat Voll. A positive
takeaway is that highly public data breaches goad companies to overhaul
their own internal infrastructures.

In addition to IT staff addressing data security issues at firms, though,
CFOs, “as the keeper and protector of their business’ security information
and internal controls,” share responsibility for safeguarding a company. To
thwart would-be hackers and stay out of the headlines, Voll offers five
tips for CFOs:

Identify the crown jewels. Before assessing cyber security solutions,
identify your most critical data. This can be anything from financial
information to consumer or client information. And to further home in on
the important data, do not hesitate to ask staffers for their help when
figuring out what needs to be safeguarded.

Control who has access to that valuable and vulnerable info. Now that you
know your firm’s most critical data, who has access to it? Monitor access
so no one except authorized individuals can get at it. And make sure all
sensitive data is backed up so the company “is not vulnerable to ransom
demands for stolen data.”

Review third parties critically. Although the Securities and Exchange
Commission has made an active effort the last few years to address cyber
security threats, do not take it as a given that it or any other third
party “has it all under control.” Demand transparency when it comes to how
outside agencies are protecting your data and complying with privacy laws.

Encrypt like crazy. Whether it’s information on computer drives, laptops or
flash drives, all critical data should be encrypted. Says Voll: “Encryption
won’t protect your data from being intercepted. But it can protect the
contents from getting read.”

Engage everyone in the effort. To increase cyber-security effectiveness,
make sure everyone is involved. Do not operate in silos. Provide employees
with regular updates, training and education on how they can safeguard data.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
