In December 2020, hackers breached the cybersecurity defenses of the U.S. Treasury Department, the U.S. Commerce Department, and other federal government agencies. The ensuing investigation revealed that the attack came through a SolarWinds Orion software update, which contained a trojan horse. The security breach immediately gained national attention, and based on intelligence, several high-ranking officials blamed Russian-backed cybercriminal organizations.
The message for companies should be clear. If the federal government is vulnerable to hacking, no system is safe from cyberattacks. But there are precautions that companies can take to prevent cybercriminals from gaining access to their valuable data. Here are five measures your company can take to reduce your vulnerability to cyberattacks.
1. Develop a System Security Plan
A system security plan (SSP) is the formal documentation of your protocols to ensure the integrity of your hardware, software, cyber security, etc. Your plan should contain formal policies for employees to follow, schedules for system audits, and contingency plans for security breaches. The plan should be thorough but flexible enough to implement changes as they become necessary. Unless you have a team that specializes in cybersecurity, you should outsource the plan creation to a reputable cyber security firm.
2. Employee Training
It’s essential that employees know the rules for using company computers, logging into the company network from personal devices, and updating software. During orientation, employees should be familiarized with all policies that affect cybersecurity. Your company should also implement mandatory refresher training to ensure employees don’t become lax in the established protocols.
3. Update Software Periodically
If you’ve ever read the details of a computer or phone update, the notes often contain words to the effect that the update “includes security updates.” Tech companies are frequently updating their software to stay ahead of the most recent types of cyberattacks. Failing to update your software immediately is an enormous liability.
In a 2017 report by the cybersecurity firm Fortinet, researchers found that 90% of organizations reported attacks against vulnerabilities that were over three years old. 60% of the successful attacks on devices could have been prevented with patches that had been developed ten years prior.
Hackers will often try to exploit older security flaws, knowing that many employees will skip the updates. In other words, many past cybercrimes could have been prevented by universal adherence to this simple precaution.
4. Require Secure Passwords and Periodic Updates
Some employees never change their passwords, and to make matters worse, they recycle passwords from their personal accounts, which may be less secure or have already been compromised. Earlier this year, Google warned that billions of passwords have already been hacked — many of those are still in use.
Require employees to create new passwords for their accounts and to change them periodically. Longer passwords are better since many brute-force tactics use a digit-by-digit approach. Employees should use a combination of uppercase and lowercase letters, numbers, and special characters. New passwords should be unique. Have your security team design protocols that require a monthly password update to log in and do not allow repeat passwords.
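The rules in this section (length, mixed character classes, a monthly change, no repeats) written as a small Python check. This is an added illustration, not code from the original article. The 12-character minimum, the 12-entry history depth, and all function names are assumptions, and old passwords are kept only as salted PBKDF2 hashes.

```python
import hashlib
import hmac
import os
import re
from datetime import timedelta

MIN_LENGTH = 12                # assumed; the article only says longer is better
MAX_AGE = timedelta(days=30)   # the article's "monthly password update"
HISTORY_DEPTH = 12             # assumed number of old passwords remembered
CLASSES = {"an uppercase letter": r"[A-Z]", "a lowercase letter": r"[a-z]",
           "a number": r"[0-9]", "a special character": r"[^A-Za-z0-9]"}

def derive(password, salt):
    # Slow salted hash, so the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def complexity_problems(password):
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {label}")
    return problems

def is_reused(password, history):
    # Re-derive with each stored salt; compare in constant time.
    return any(hmac.compare_digest(derive(password, rec["salt"]), rec["hash"])
               for rec in history)

def is_expired(history, now):
    # True when the current (newest) password is older than MAX_AGE.
    return now - history[-1]["set_at"] > MAX_AGE

def change_password(history, new_password, now):
    """Return a list of policy problems; an empty list means accepted."""
    problems = complexity_problems(new_password)
    if is_reused(new_password, history):
        problems.append("matches a previous password")
    if problems:
        return problems
    salt = os.urandom(16)
    history.append({"salt": salt, "hash": derive(new_password, salt),
                    "set_at": now})
    del history[:-HISTORY_DEPTH]   # keep only the newest entries
    return []
```

`change_password(history, candidate, now)` returns an empty list when the new password is accepted; calling `is_expired(history, now)` at login is what forces the monthly change.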
5. Hire a Pen Testing Company
There are a number of ethical hacking firms that will test your company’s cybersecurity by launching fake attacks against your business and revealing any inadequacies that they uncover. This is an improvement over internal testing because it’s a more realistic exercise. Like criminal hackers, the penetration testers are unfamiliar with your system security.
The Cost of Not Securing Your Company
While hiring consultants and training employees both represent additional expenses for businesses, the cost of a successful cyberattack is much greater. Last year, the FBI reported 791,790 cybercrime complaints reporting losses of $4.2 billion — or $5,304 per complaint. While that may not sound like a significant sum when you break it down by cost-per-complaint, some companies sustained multiple attacks. Aside from the actual monetary costs, a hack of your system may cause your customers to lose faith in your online payment systems and data collection processes. Your data is your most valuable asset in the Age of Information, and ironclad cybersecurity is the insurance policy you need.