Essential Cyber Security Questions
Press, Text, CIO Review / Apr 22, 2016

Advancements in IoT (Internet of Things) coupled with corporations’ growing reliance on technology will no doubt increase cyber-attacks and cybercrimes geared towards a variety of businesses in the next few years. Organizations must be vigilant in their prevention techniques and their reactions to these cybercrimes. As the stakes increase, all organizations should be able to answer these four essential cyber security questions.

By Matti Kon, CEO of InfoTech Solutions for Business

Organized cyber criminals and hacker-groups are systematically targeting major industries, including health care, financial and real estate. They are looking to steal trade secrets, proprietary information, client lists and future product designs. More specifically in the pharmaceutical sector hackers have been targeting patent-protected drugs precisely to steal trade secrets. This is why it is essential for companies to understand their assets and think like a hacker. It is vital to know why their company is a target for cyber-attacks. Once a company understands why they would come under attack and what their most important company assets are, they can better safeguard their products and proprietary information.

While a relatively new concern, companies need to be aware of their internal software. Who developed it and what languages are they built on? In light of recent attacks, companies must be aware of how their systems are built. Some software products developed on an open source framework are showing vulnerabilities. Hackers penetrate weak code design, causing bugs or theft of valuable company information. Whether a company uses software products that are built internally or externally, the CEO’s and top level executives must be aware of how these systems are built. They must understand if the code was built from scratch (which is rare these days) or if the framework utilized came from open source. There should also be a general understanding of the code that the software product was written in. New systems built on recycled code, can open the door for hackers. Understanding your software will allow your IT professionals to better protect it.

Remember the classic movie line; “The call is coming from inside the house.”This is important to keep in mind. Many organizations are surprised to learn that a majority of cyber security violations start on the inside. While many of these violations by employees are accidental, the biggest thieves of company information, intellectual property, and software code are company insiders. First, we must separate the two. Accidental violations can be reduced by educating personnel on red flags they should look for, including harmful phishing or email scams. Reiterate company policy including the ban on or restricted use of USB’s for company data. A security breach by an unsuspecting employee can wreak havoc on a business. An employee that unknowingly downloads an infected file to their desktop can mean attacks on the corporate server and the destruction of crucial company data, which cannot be reversed. However, even more significant are security breaches by company insiders who have access to key data and either steal it for themselves or sell it to third parties for huge gains. Internal controls are key to preventing these types of thefts.

Companies must:

Cybercrimes are becoming inevitable. A strong offense must be coupled with a strong defense. Once a company has been penetrated, they must react immediately. What has been compromised? Was it confidential employee information? Was it intellectual property? A client list? Once aware of the exact breach, respond. Turn off company Wi-Fi, change passwords, block any ports on the servers that are open to the internet (public), scan firewalls for viruses or intrusions. If needed, restore a full and clean system backup to make sure bad data is not on servers. Companies also need to be clear and forthcoming about the attack. If employee information has been compromised, immediately send out a memo to staff letting them know what happened. If client information has been stolen, share this with them and give them access to the company’s contingency plan.

Technology is becoming more and more ubiquitous in the business world, the benefits can be significant, even life changing, but they do not come without threats. When companies ensure that their IT department is proactively combating security threats and have significant contingency plans in place, they are greatly reducing their risks of a disastrous attack. If a company does not have a strong internal IT department, they must contact an IT Outsourcing firm to ensure that their products, business operations and employees are protected.