May 2, 2019
5 Cyber Security Tasks You Need To Be Doing Regularly
Cyber Security is a huge deal. You need to be securing your data. You need to protect your intellectual property, but more importantly you need to secure your customers’ information. We’ll be looking at the need to encrypt your data, use biometrics or mutual authentication, back up your data, understand regulations, and run vulnerability assessments.
This may be one of the most important points of this discussion. We’ve all seen these breaking stories of data being stolen from large companies like Target. It wasn’t so much that the thieves broke into these companies’ servers and stole data. It was more an issue because there was no encryption in many cases. If data had been encrypted properly, the data would have been useless to the perpetrators.
An increasing number of regulations require some level of encryption when customer data is involved. These regulations (California Privacy Law) reduce or eliminate fines for companies that are affected by a data breach when encryption is properly implemented.
There are times when hackers have also been able to steal the encryption keys, but this is less likely to happen. The big problem many companies have is leaving usernames, passwords and the like in plain text. On top of that, customers’ personal information, such as Social Security numbers, addresses, and dates of birth, is also left in plain text. This is important private information for your customers. You need to do all that you can to protect their privacy. Identity theft is a horrible crime for someone to experience.
Cyber Security Verification
There are many different ways to implement verification of identity. Increasingly popular is biometric verification. This can be done through fingerprints, earlobe geometry, retina scans or voice waves, among others. These things are difficult to fake and are strong ways of securing your data properly. They make sure that the customer is the one accessing their own data and not a hacker. Another type of verification, and one in more common use, is multi-factor authentication. This type of verification makes use of enrolled email addresses, phone numbers for texting and third-party authenticators such as Google Authenticator. These ensure that the person trying to access the data actually is the person who owns it.
Another important point is the use of strong passwords and policies governing them. It is pointless to adopt policies if they are not properly enforced. A key to making sure your data is secure is requiring those who access the data to use strong passwords that are not easily guessed. It is best to have complex, unique passwords for each activity, stored within a password vault like LastPass, which helps to generate strong passwords and securely store them.
Oftentimes, if a hacker cannot use the data due to encryption, they will instead destroy or delete data. It is paramount that your institution is regularly backing up data. Most companies will implement these backups at night when demand is low. However it happens, it is important that it is done. It helps to avoid costly downtime in the event of an attack or a system outage. System outages can happen for many different reasons such as weather, power outages or mistakes made in deployments of changes. To lower the associated costs of a proper backup strategy, your company may want to consider moving to the cloud.
This is an important part of running any institution. You are often required to follow particular regulations when running a business. For example, financial institutions must adhere to the rules of FINRA (Financial Industry Regulatory Authority), and medical-related institutions to HIPAA (Health Insurance Portability and Accountability Act). At FHG we also help many companies deal with DFARS (Defense Federal Acquisition Regulation Supplement) certification tied to identification and authentication, which impacts any company that has data interacting with the US government. Regulations change regularly, and it is up to a company to follow them, be up to date with them, and make sure all its employees are properly trained on them. These regulations are usually created to ensure sensitive information doesn’t fall into the wrong hands. From people on the streets to terror organizations, data in the wrong hands can be catastrophic.
Many of these regulations play a very large role in cyber security. Make sure that all parties who have access to data are doing their part to keep it secure. Avoid phishing emails, unsolicited phone calls looking for information, or people trying to enter a secure building without proper identification. Have a data breach plan in case all your best-laid plans are circumvented. Many insurance companies require this now.
An important step to keeping your data secure is to run regular vulnerability assessments. These can come in many different forms. Software such as WhiteHat can run scans of your network and programs to identify issues. Third-party companies can come to do assessments as well. Code reviews and security testing also play an important part in ensuring code doesn’t leak information unwittingly. Making sure you are current with virus scans and security updates is important. Assessments can also show gaps in the training that employees need.
We have covered the need to encrypt your data, use biometrics or mutual authentication, back up data, understand regulations, and run vulnerability assessments to ensure that you have a great cyber security implementation. It’s extremely important for you to protect the data you have. Your intellectual property and customer privacy are key to your business. Keep them safe and secure. If you would like to see how FHG can help you ensure cyber security, start the conversation here.
Consulting Software Engineer