Strong cybersecurity is imperative for 2020 and beyond. Ransomware attacks, data breaches, and other cyber-attacks are growing in number and severity. Some cybercriminals have gone beyond holding data for ransom and have sought to literally destroy unsecured IoT devices, rendering them irreparable.
No company or individual is immune to these attacks. Most businesses don’t have strong security and they’re living on borrowed time. It’s only a matter of time before every business is compromised and forced to upgrade their security. For instance, GoDaddy recently disclosed a data breach involving stolen webhosting credentials after discovering an unauthorized party gained access to GoDaddy’s SSH. This particular incident occurred back in October 2019.
Don’t want to deal with the fallout of a cyberattack? Then start investing more in cybersecurity services to help prevent future hacking situations. Also, make sure your business isn’t overlooking the following aspects of cybersecurity.
1. Securing controllers and sensors
Network security is vital, but in certain industries, cybersecurity must extend beyond the network to protect fundamental, mechanical components like sensors and controllers.
Pat Differ, VP of sales for Mission Control, nails the importance of securing controllers and sensors for businesses in the offshore energy sector. Differ says that networks are important to protect but if sensors are compromised it’s “game over” in the industrial world.
Industrial companies can’t afford to ignore securing their control systems. Malware has historically been used to attack industrial control systems. For example, in 2010, malware destroyed uranium gas enrichment centrifuges in Iran and 2016, hackers crashed a power grid in the Ukraine.
The latest threat is ransomware called EKANS. This threat terminates software processes specific to control systems, encrypts all data the terminated programs interact with, and demands a ransom to restore access.
You can’t protect control systems with a standard firewall. You need security solutions specifically designed to protect your control systems.
2. End-to-end encryption
Using data encryption services is good, but it’s not enough unless it’s end-to-end. End-to-end encryption encrypts data while at rest and in transit. If anyone steals the data in transit or at rest, they won’t be able to read it without the decryption key.
3. Securing physical devices on-site and off-site
So, you’ve secured your company network and all of your remote employees use a secure, private Wi-Fi network and a VPN to encrypt all data. What happens when an employee’s laptop is stolen? If that employee didn’t set a password for their computer and saved company login credentials in their browser, the thief will have unrestricted access to your secure company network.
All physical devices need to be secured to prevent removal from the premises. Devices that stay onsite can be in a locked in a room and locked to the wall with physical cables. Employees should also be required to follow a strict security protocol on all devices used to perform work for the company.
A strict security protocol should include not allowing employees to save company credentials in their browser and setting a complex password for accessing the computer.
Multi-factor authentication should also be enabled as part of every security policy. If a thief gets ahold of company login credentials by stealing a laptop, they won’t be able to confirm their login without the code sent to an additional device.
4. Proper device disposal
Electronic devices like smartphones, laptops, and tablets don’t last long. If you’re going to dispose of a device, you need to properly clear it first. This requires more than just deleting data, since deleted data can be recovered.
To erase data for good, you need data destruction software to permanently overwrite the information on your hard drive. You can also reformat the hard drive to erase data permanently. In many cases, reformatting is more secure.
If you need to dispose of a device your company will never use again, run data destruction software and then reformat the hard drive before sending in your device. Do this even when a company guarantees they’ll handle destroying your data. You can’t be too cautious.
5. Diligence when outsourcing security functions
Historically, businesses have been skeptical about outsourcing security functions. However, today’s companies have too much on their plate not to outsource security to third parties.
Small and large corporations are outsourcing labor-intensive security functions like upgrading firewalls and analyzing log files. Smaller businesses are opting for managed security solutions that handle intrusion detection and run antivirus and anti-spyware programs automatically.
Cybersecurity is a complex, ongoing task
While these five aspects of cybersecurity are important, security isn’t something you set up and walk away from. For cybersecurity efforts to work, you’ve got to continually monitor and analyze data, and fix any issues as they arise.