Cyber security is an increasingly challenging fact of life for businesses of all sizes and in all industries. Unfortunately, there is no solution or single technology guaranteed to keep your company safe.
But even though there’s no magic bullet, there are some steps you can take to better protect your organization.
Here are seven things every IT pro should know – and do – to fight cyber attacks:
- Understand the basic types of malware so when you find malware in your systems you can understand how it got there and how to stop it. The main types of malware include:
- The virus a malicious program that can execute itself and spread by infecting other files or programs.
- Worm, a type of malware that can replicate itself without a host program and usually spreads without human intervention or instructions from the authors of the malware.
- Trojan horse, a malicious program that’s created to appear as a legitimate program. Once a trojan is activated it can execute its malicious functions.
- Spyware, a type of malware developed to collect information and data on users. It observes the activities of the users without their knowledge.
- Understand the motives of the cyberattackers because the more you know about cyberattackers, the better prepared you’ll be to deal with the threats, enhance your defenses in vulnerable areas, recognize the signs of attacks and develop effective response plans. Typically, the motives behind hackers’ attacks fall into these categories:
- Financial (e.g., theft of customer data, such as credit card numbers and Social Security numbers; ransom)
- Corporate espionage
- Implement vendor oversight programs to protect your sensitive corporate data as well as identify, manage and stay ahead of the risks associated with cyber attacks against those third-party providers.
- Protect against insider threats by implementing a security awareness program, a formal process to educate employees about corporate policies and procedures centered around protecting company systems and data. Additionally, install employee monitoring software to prevent the theft of your intellectual property by your employees.
- Understand mobile threats since most people get the majority of their information via mobile devices and develop the right identity and access management policies to make the data less vulnerable.
- Be aware of the challenges of cloud security so you can ensure that your corporate data and sensitive customer information are protected. Don’t just trust the security of your data to your cloud service provider. Rather, control and manage user access to data stored in the cloud.
- Rethink your approach to data security and understand the security challenges associated with the Internet of Things. “CIOs need to leverage security engineering practice while procuring IoT devices, putting together the project and planning an IoT pilot,” according to Gartner Research Inc. “IoT security is not just about software anymore if you don’t have a mechanism to validate and authenticate at the hardware level you’ve missed it completely.”
Yuri Martsinovsky has been working in the security software industry at SoftActivity for over 15 years. He covers insider threats, computer monitoring, and other enterprise security topics. Follow him on twitter @SoftActivity