How to Protect Your Security Business Against Cyber Espionage

Learn cost-efficient, uncomplicated techniques to safeguard your security organization and your client’s sensitive information from cyber attacks.

What does your business have in common with health insurance firm Anthem, Target, Sony, eBay and Home Depot? Hopefully not the cybersecurity weaknesses that recently cost millions of dollars, jeopardized millions user records and created lost consumer confidence that will persist for years to come.

Make no mistake, however. Your business is just as vulnerable as a national or global corporation if you are not devoting time to cyber espionage prevention. According to Symantec Corp.’s 2014 Internet Security Threat Report (ISTR), targeted cyber-attacks aimed at small businesses (1-250 employees) in 2013 accounted for 30% of all such attacks. That is compared to 18% in 2011. Executives at small and midsized businesses must put cybersecurity on their to-do list if they hope to contend with this escalating threat.

If you are doing the basics, congratulations, you are in the top 20%. Just know that cybersecurity efforts should follow into every part of the business from marketing in social media to product deployment. If you are not fully protecting your organization – and your client’s sensitive information – read on to learn understandable and easily executable best practices as mandatory first steps.

Understand the Business Risk

The good news is mistakes are prevent-able and vulnerabilities correctable, or at least manageable with due diligence. Pay attention to the details of network security and create an action plan as the cornerstone of managing the cybersecurity risk. Hackers and thieves are looking for the weakest link. Implementing simple and strategic security policies and procedures can protect you from 98% of the threats.

RELATED: Confronting the Cybersecurity Challenge

The starting point is knowledge about the data you hold and the risks it brings. Understand the controls over data and eliminate unnecessary access. Blind trust is unacceptable, and you must provide for audit and validation. Regular audits close vulnerabilities and eliminate malware. Do you audit financial statements? Of course. Validate insurance claims? Certainly. Every valuable corporate resource should be audited and controls should be triple checked to assure proper asset utilization. Alarm and customer data is too precious to rely on processes only.

Guidance from professionals is needed to define the cybersecurity action plan. External experts who live in the gray world of data communications are available in every locale. Look for specialists in the trade. The central station is unique – signaling, hosted solutions, credit card processing, HIPAA, DoD and SEC compliance should all be part of an audit and a consideration in your selection of an expert person or firm. Diligent network scrubs and vulnerability scans are also important defenses to prevent the business from ending up on the statistical casualty list.

Central stations face a particular challenge due to personal security information collected from end users. In addition to credit card and billing information, dispatch data, phone numbers, relative information and passcodes must be considered. Since people re-use passcodes, a security passcode may provide a hacker access to bank or credit card accounts.

Preparing Your Plan of Action

Too often, the complexity of security seems overwhelming. A good plan begins with basic safeguards and vulnerability audits. Consider in 2013, companies took 229 days to detect network malware, according to the 2014 Mandiant threat report. Affordable best practices are available to implement, including the following measures.

Create a protected perimeter:

  • Firewall – Protect the castle with a wall. Any network or device that is not under your security control should be separated from your internal networks with firewalls. Purchasing equipment is a start, but make sure the firewall is up-dated on a continuous basis.
  • Intrusion detection services (IDS) – Defend the perimeter with active monitoring of the activity through the gates. Attacks can delay signals or compromise voice communications. IDS is available from companies that sell firewall services.
  • VPN access – Any internal data that passes outside the perimeter must be secured. Require secure credentials and encryption for all external users that are allowed inside. VPNs are simple and secure.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters