Your data is near and dear to the heart of your business. As cyber attacks and breaches escalate, some companies are paying dearly. According to the Cisco 2017 Annual Cybersecurity Report, over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent.
Investing in good security is a must, but so is spending wisely to ensure you get the maximum impact from limited resources. Combining industry data and knowledge from Pluralsight’s subject matter experts, we’ve outlined four ways you can protect your data and your bottom line.
1. Know where your data lives and breathes
To protect your data, you must first understand how it is stored, managed and used. This includes knowing what data your business partners access to provide your services, as well as how they access and secure it. It seems fundamental, but data mapping is an often-bypassed element of security. Many businesses aren’t keeping close tabs on where their data is stored and who has access to it, according to a SANS Institute report.
“Assessing and charting where your data goes, especially if it goes outside of your organization, is paramount. As everything becomes more app and cloud-based, you need to be concerned about who your data is shared with, and where it rests.”
–Dale Meredith, Ethical Hacking expert and Pluralsight security author
2. Weigh opportunity v. risk
According to Cisco, 27 percent of employee-introduced, third-party cloud applications were categorized as high risk. These apps are often intended to create business opportunities and increase efficiencies, but they also create significant security concerns.
To combat this, organizations need to have a team approach, evaluating new tech from both a business and security perspective. Dale suggests organizing a compliance team with a rep from every area of your company – marketing, sales, etc. – to help ensure your IT goals and business goals are aligned.
3. Get pay-off from penetration testing
Regularly identify your weak spots and then structure your budget to shore them up. Your budget may not support protecting everything, so weigh the impact of protecting the most vulnerable asset against protecting a greater number of other assets. Extend your security budget by making sure that every IT project allocates funds for its own security needs.
“Having a single penetration tester is rarely enough. You need to be testing your outward-facing infrastructure, your application code, your internal systems – everything.”
–Don Jones, Microsoft MVP, Pluralsight Curriculum Director and IT author
4. Turn employees into assets
Security strategies tend to focus on the perimeter, protecting your network from outside threats. But many breaches begin inside that carefully protected perimeter – with your own employees. It’s imperative all employees know how to identify current threats and, most importantly, how to avoid them.
Dale suggests spending money on employee security training and not treating it as one-and-done. “It’s a continual process,” Dale said. “It’s not something you should ever stop doing, and it’s one of the most important investments you can make in terms of cybersecurity.”
WAYS TO SHARPEN SECURITY SKILLS:
- Offer access to a technology learning platform
- Encourage conference attendance
- Host brown bag lunches
- Learn from webinars
- Develop a company-wide security policy and use your IT team to put it into action
- Post security information in common areas
- Distribute helpful tips to employees via e-mail or corporate intranet
- Simulate phishing attacks (e.g., systems that periodically send phishing e-mail to staff and alert employees if they have engaged in an insecure activity)
As threats increase, Gartner predicts that only 10% of security budgets will sufficiently cover the enterprise security landscape over the next three years. However, small security changes can have a big impact on mitigating risks in your organization. You will realize the greatest return on investment by focusing on your specific business objectives and securing your most valuable data assets.