CSI Cyber-Security for Business

The Business Cyber-Security Issue

No matter what size business you have, what industry you’re in, what kind of computer system you have, your data is at risk. FBI Director, Robert Mueller, has said that there are two kinds of companies in America today: those that have been hacked and those that will be(1). In their recent study PwC reported that 41% of U.S. businesses had experienced one or more security incidences in the last 12 months, resulting in financial loss, intellectual property theft, damage to the company’s reputation, and significant legal and regulatory exposure. They estimated that cyber security incidences cost American businesses somewhere in the range of $2.7 million per average incident(2).

Who's at Risk?

Not my company, you probably think. I’m just a small manufacturer with a handful of key products. I’m just a start-up online retail vendor. I’m a small tech firm.  I’m not a multi-billion dollar business, government entity or a big financial institution, so I’m not a target for these guys, right?

Sorry but no. True, the hackers love to go after the big names, and that’s where the big money (and the notoriety that they crave) is. But any company with financial information or customer/vendor/employee lists can be a target, not only in and of itself, but as a stepping stone to a bigger target. So yes, you could be in the cross-hairs. Dell Secureworks(3) has reported that certain industries are particularly attractive to hackers:

  • Financial Institutions
  • Defense and Aerospace
  • Entertainment and Media
  • Health Care
  • Manufacturing
  • Technology

That covers a lot of territory.  And just because your industry isn’t on the “Most Wanted” list, that doesn’t mean that your info isn’t attractive enough to someone out there with the skills and the will to make it through your defenses. This may be particularly true for small companies that have larger companies as vendors or customers. Suddenly, you are the foot in the door for the larger target. If you’re in business, you’re at risk

How Can CSI Help You Protect Yourself?

CSI can help you keep your data protected and help you stay in compliance through a Security Risk Assessment of your processes, systems and devices.

  • A frequent point of entry for hackers and data thieves is lost/stolen/unencrypted portables and mobile devices used by Employees for remote work. CSI can help you set up proper protection on a variety of mobile devices used by your employees, so even if the device is lost or stolen, your data remains protected.
  • Social Media is another “foot in the door” for hackers looking for entry into your systems. Employees may be inadvertently “leaking” sensitive data, or even maliciously sharing damaging information through their professional and personal social networking.  CSI can help you determine your risk and put together a policy that covers this area to reduce your exposure.
  • CSI can run an External Penetration Report, showing points of vulnerability in your computer network, and can help plug those gaps for yo.u
  • CSI can review your processes and protocols to firm up guidelines and apply best practices for passwords and user authentication, payment cards, remote data access, software installation authority, firewalls and anti-virus software that can increase your data and system safety and security.
  • Our knowledge of health care and IT can help you fix gaps you may not even have thought of. For example, data breaches have been known to occur through video conferencing software, online camera and other monitoring devices, social media, VPN (remote access to your network) applications, even Voice Over IP Phone software/service.  We can catch those unlikely areas as well as the more well-known ways to hack into your data.

CSI can help you pinpoint your areas of vulnerability and help you develop a plan that keeps your data and your business safer and more secure.

Sources:

  1. http://www.businessinsider.com/robert-mueller-fbi-hacking-terrorism-2012-3#ixzz3S7561xUz, accessed February 17, 2015
  2. http://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.jhtml, accessed February 18, 2015
  3. http://www.secureworks.com/cyber-threat-intelligence/advanced-persistent-threat/, accessed November10, 2014