Unless you’ve been hiding under a rock for the last several years, you already know that cybersecurity is a really big deal. Recently, the World Economic Forum held its annual meeting in Davos, Switzerland. The theme this year was the global impact of the “4th Industrial Revolution,” which is being driven by technological change. Many experts in the field of cybersecurity attended this meeting and shared insights. Here are just a few of the important tips and trends in the ever-growing field of cybersecurity.
Right now, there are upwards of 50 BILLION devices connected to the internet. That’s an astounding statistic when you realize there are “only” 7.13 billion people on earth in early 2016! In the future, every item will be connected to the internet. And according to the experts at WISeKey, every piece of data will automatically go to the cloud. This means that data encryption will be of the utmost importance. Most business owners use a 3rd party for housing data on the cloud. When your data, including customer information, is entrusted to a 3rd party, realize that their weaknesses become your weaknesses. Be diligent about reviewing the housing provider’s contractual obligations and that the consequences of a breach are clearly defined.
The word “security” in cybersecurity encompasses the safeguarding of data from unauthorized access and use. The obligation to secure sensitive data lies firmly with business owners. According to Jackson W. Moore, a civil litigation and cybersecurity attorney in Raleigh, NC, employee training to avoid erroneous exposure of data is key. Insider errors are one of the leading causes of a lapse that becomes an entry point for a hacker. Mr. Moore recommends hiring an outside expert for employee training in this highly specialized area. Another thing that business owners must ensure is that data is properly housed and separated. In other words, your short-term contract employees should not have access to every piece of data on your server. This is exactly how the newsworthy Target breach occurred at the end of 2014. Employees in one department should not have access to sensitive data that belongs to another department. For example, HR staff do not need access to patient data in a hospital system. Everything you store should only be accessed on a need-to-know basis.
Another area for business owners to consider is device access. Most employees use their personal devices to access their company’s intranet, email, or other website areas. Are the apps on their personal devices allowing access to your company’s sensitive data? Investigators think this type of attack led to a destructive fire at a steel plant in Germany. Read the fascinating details HERE. “The trend is to put security at the product level, not at the platform level. Anyone can hack the platform,” says Carlos Moreira, CEO and Founder of WISeKey.
Malicious hacking attacks of web data are on the rise. Reporting requirements and penalties vary by state and can be a nightmare for a business owner to unravel if a breach occurs. Encryption, appropriate firewalls, separation of data, and employee training to avoid spear phishing attacks are currently your best defense.