IT Security Experts Expecting Cyber Attacks
For many companies, a data breach is not a matter of “if,” but a matter of “when.” That is the lens they look through when looking at IT security, and from there, they can prepare not only to defend against the inevitable, but also to recover from it when it finally happens. Others, however, are taking larger risks by gambling on it being an “if.”
Okta’s recently-released "Security Business Agility" report shows that around two-thirds of the surveyed companies expect a data breach within the year, unless their legacy security solutions get upgraded. While hackers and cyber criminals are always upgrading and finding new ways to overcome security solutions, companies that fall behind in their own security become easier and easier targets.
As for the organizations themselves, they’re typically more concerned about productivity than security, and may feel that security solutions create too many hoops to jump through or block certain kinds of access, thus limiting productivity.
While it may cost a few extra minutes here and there to go through multi-step authentication, the stakes of that gamble are rather high – a single data breach can cost a company a lot more than a few minutes of productivity. IBM’s 2016 Cost of Data Breach study found that the average consolidated total cost of a data breach is somewhere around $4 million, while each lost or stolen record can cost a company around $150 per record.
Human error is also a security risk that no amount of security systems can prepare for. Lost, stolen, or easily guessed passwords can create a big vulnerability for hackers to get through, so it’s important to remember two key rules for passwords: never use the same password twice, and make sure it’s strong and unique (for the love of all things good, do not use “Password1” or “12345” as your password).
However, there is some good news. The vast majority of companies Okta surveyed felt that they could safely integrate cloud and mobile applications into their systems, and while those do create a few new security risks themselves, cloud security has been steadily improving.
It’s still important to keep in mind the many devices used in a typical UC environment, thanks in no small part to the ever-growing bring-your-own-device (BYOD) trends. Employees tend to use their own phones and devices for their work and personal lives, so managing security for each device can prove difficult. Instead, securing the applications and data within them can keep information secure even if a device is compromised.
The question then becomes: how can an organization best protect itself? The answer is simple: stay up to date on the latest in security. Make sure that firewalls are up to date, that breaches can be detected quickly, and that all employees understand the security protocols and have good secure passwords.
Enabling a virtual private network (VPN) for remote users is also a good way to maintain security for remote users. Since unified communications brings together multiple, normally disconnected technologies to enable communications, security is necessary for each disparate piece of technology. By connecting through a VPN, users can provide a layer of security to protect themselves and all their communications systems.
When a service is no longer used, it becomes a vulnerability. If it’s unused, that probably means it’s not receiving updates either, which leaves its security weaker, but if it’s still connected to the network, it can become a major opening for cyber criminals to take advantage of. Disconnect any unused services before they can be used against you.
Even then, those security steps might not be enough, so it’s important to have a contingency plan for when the breach does happen. Of course, the first step is to identify the breach and close the security vulnerabilities that let it happen in the first place. It’s then important to report it, determine what the damage is and what data is lost, bring in a third party IT professional to perform a forensic analysis, and restore any data altered or damaged by the breach. Having multiple backups is important, which should be kept separate from the other servers; the only thing worse than losing important company data in a breach is to lose the backups as well.
Just because cyber security isn’t perfect doesn’t mean it’s not vital. Too many companies are leaving themselves open to an attack, and too many will be the victims of data breaches. But it’s possible to be prepared, and in preparations, be able to defend and recover.