Reputation risk
A security breach is a big reputation risk. Reputation risk is the number one concern of members of boards of directors at medium and large businesses. This statistic is the same for the second year in a row. It actually increased. According to the survey published on July 24, it is second behind the number two concern IT/cybersecurity. (read more below*.) The survey was of directors, CEOs and others on boards about their concerns. These two go together because the risk of IT compromise is so great today.
Adobe systems took a big hit in October 2013. “Adobe Systems sent customers a letter informing them of more details concerning an unauthorized intrusion. The letter includes a one-year credit monitoring offer.” http://www.talkingnewmedia.com/2013/10/15/adobe-sends-customers-letter-concerning-hacking-customer-order-information/ My company cancelled its online subscription service. Many others did the same or simply did not renew.
Target, Niemen Marcus and a host of others have been cyber hijacked. The people running these companies felt a tangible effect on the bottom line. There is a long-term impact that is not easy to quantify for the big corporations. CNET, the latest big name company effected by a security breach revealed the personal information of a million users taken last month. They took a huge reputation risk loss. Their subscribers are IT pros. No one is immune. For smaller companies reputation risk is greater, because we do not have as many resources to recover from a breach. Protection is everything.
Four things small and medium size companies need to do to be prepared for today’s reputation risks.
- Secure data behind state-of-the-art packet level firewall inspection.
- Use 24/7 scanning and monitoring
- Keep best practices in place for device security.
- Use HTTPS on your sites.
Secure data behind state-of-the-art packet inspection: Packet level inspection of network traffic or stateful packet inspection, https://en.wikipedia.org/wiki/Stateful_firewall, is enforced by a security system, perhaps several pieces of hardware that sit between your network and the other networks that it is connected to, through the public internet. Testing it and upgrading it regularly is critical. Threats are changing on a consistent basis. Protection needs to be current.
Use 24/7 device scanning and monitoring: Lightweight agents are available to secure all types of devices that we use today. The counter measures to malware and back door Trojans are having a small software program running under your control. The good agent watches the system stats and reports back to let the company know that nothing is out of balance. Another upside is if a laptop or phone is lost or stolen, a simple command can wipe the proprietary data protecting one’s reputation risk.
Keep best practices in place for device security: Updating computers and devices regularly and making sure threat protection is always current is a no brainer. With 24/7 scanning and monitoring it is easier than it used to be. However, beyond the agent users should aware that it is their responsibility to keep their device safe. Whether the devices are owned by the company or you have a BYOD (bring your own device) policy, it is part of one’s job to make certain it is secure if it affects the employer.
Use HTTPS on your sites: HTTPS also known as SSL stands for secure web traffic. It means the web site is who it claims to be. A security certificate means the browser will only accept data coming from that site. This is very important to your reputation. Without it, a business is in jeopardy of compromise. The data security on the web is the starting and end of reputation risk.
Following these four steps puts small and medium size companies on the same footing as many of the giants . Way beyond some. Mitagate your Reputation Risk today. Fill out the form below. Call or email security @ tekuser.com to get help putting some or all of these practices into your work.