3 Effective Steps for Improving Cybersecurity
No individual, business, or government is immune from the threat of cyber attacks. News of a rogue activist from China hacking Target is one of the most recent IT breaches. Home Depot, J.P. Morgan Chase and many other businesses have reported similar experiences. Over 50 businesses were compromised in Seattle from 2008 to 2010 by a group of cyber crooks, resulting in $3 million in losses to employees, customers and the companies.
The Inspector General, Todd J. Zinser, from the Office of Information Technology Audits presented recommendations for cybersecurity improvement earlier this year. The Inspector General oversees the monitoring of commerce operations in addition to contract work, grants and cooperative agreements relating to the department. He is concerned with the looming threat of a governmental IT breach.
There are three effective steps recommended for every organization, from small businesses to global enterprises, to protect information from cyber threats while allowing the flow of information to outside protected sources.
- Assess cybersecurity measures. The IT Department should assess the efficiency of present cybersecurity measures for the organization. An internal phishing campaign should be conducted by the IT Department. The company should hire an outside party to determine possible cybersecurity gaps that might be missed by internal staff.
- Develop a policy and plan for cybersecurity. Information breach prevention, resolution plans and restitution for information lost should be included in the plans. The IT Department, in cooperation with key management officials, should perform an evaluation to determine (a) information to be protected and (b) gaps in existing protection. Update all computer operating systems and security software within the organization. Determine a budget for necessary purchases and expenditures to implement technology cybersecurity improvements. 80% of the budget should be designated to protect the most important data.
- Educate everyone involved. Conduct employee cyber awareness training workshops. Involve Human Resources while reviewing employee security policies, and educate employees about new policies. Employees should be educated concerning suspicious e-mails and warned against connecting to public Wi-Fi on a company computer. Accessing social media sites via smartphones on the job may also lead to security breaches. Educate customers and vendors (if applicable) about security risks and steps to protect information from a breach.