How to Protect Your Security Business Against Cyber Espionage

Learn cost-efficient, uncomplicated techniques to safeguard your security organization and your client’s sensitive information from cyber attacks.

Know your operating environment:

  • Have a network audit – The net-work design deployed should be fully documented with IP addresses, device names, networks, communication connections and services. Every IT company should be able to help.
  • Create a data map – Where is credit card information, site data, passcode data, etc., stored? What users and applications have access to that data?
  • Passwords – Develop a multilevel plan for secure access to internal equipment (servers, routers, etc.). Also plan for individual users accessing or changing any data.
  • Remote offices and mobile users – PCs access, mobile devices and branch offices are all part of the security landscape. Remote office connections should be secured outside the firewall if the devices and networks at the location are not under your security control. Develop standards for mobile devices that assure company data is not stored insecurely.
  • Desktops and servers – Purchase antivirus and antimalware for every workstation and server.

Improve defenses with active cybersecurity services:

  • Vulnerability assessments – All Fortune 500 companies use security audits, both internal and external, as an anchor of assuring quality delivery. Assessing change and the impact on operations requires continuous vigilance. The greatest risk comes from inside the organization. An audit can expose many problems with staff and systems. This is more expensive than an external vulnerability audit and should be done at least annually.
  • Device monitoring – Bandwidth utilization and equipment performance measurements are great indicators of potential security problems. In addition, you may find those users who are abusing access privileges and unpatched equipment.
  • Incident response plan – Once a breach is detected, you must act quickly to minimize the damage. During the attack is not the time to figure out what to do. All staffing shifts should be familiar with the plan and know their roles and responsibilities. This includes which firewalls to turn off or what cables to unplug. The protection of the automation systems under attack should be quick and simple as possible.

Looking to the Future

The latest high-tech offerings come with greater risks of exposure and vulnerability through unprotected networks. New products and services must be assessed for risk. As IP services increase, even into our kitchens and automobiles, these new devices create more and more angles for hackers to utilize. Symantec’s 2014 ISTR describes this unnerving predicament:

“Baby monitors, as well as security cameras and routers, were famously hacked in 2013. Furthermore, security researchers demonstrated attacks against smart televisions, automobiles and medical equipment. This gives us a preview of the security challenge presented by the rapid adoption of the Internet of Things.”

The goal is to provide both the latest innovative products and the protection that customers deserve. There is no instant solution nor does one size fit all. Put security into every product and business decision. Consider putting the Symantec’s annual ISTR on your readin
g list. It is issued each April and worthy of an hour of your time.

Committing a Piece of the Budget

The final important step is to commit to a continuing solution through an annual budget. Initial cost for documentation, professional security auditing and vulnerability studies create a baseline for future work. Information such as credit card or medical data will add to the basic security requirements. It is not unusual for companies to spend one- half of 1% of annual sales to business security – far more than even five years ago.

Maintaining a secure environment is like insurance; it’s not something you’d like to spend money on, but it is something you cannot live without. A severe breach is expensive and potentially devastating. Find the time and resources to implement the above solutions and you will save a substantial amount in the long run.

The Internet of Things is a dangerous place. The ounce of prevention is critical. The pound of cure may simply be too little too late.

Hank Goldberg is Vice President of Secure Global Solutions, an IT resource group to the security industry.

 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters