Why Cybersecurity Practices Need To Change - And How They Should

​Insider information. Cyberespionage. Ransomware. Massive DDoS attacks. 2017 was a rough year for cybersecurity - and if we don’t change things, 2018 promises to be even rougher.

In order to protect ourselves against the coming tide of potentially-devastating cyberattacks, we’re going to need to evaluate and reexamine what we do to protect our businesses and their data. That starts with better data hygiene. You need to know what assets are critical to your business and what hackers are likely to target.

More importantly, you need to know where that data is located. By taking stock of high-value assets within your organization, you can better determine where you’re most vulnerable. Mind you, it isn’t enough to solely know what data is valuable.

You also need to understand how it’s shared and used on your networks. How it’s being used by third parties such as vendors and partners. What devices it’s on, and what devices it might be on.

Who has access to each sensitive file? How are they accessing, using, and sharing that file? Where is that file stored, and how is access controlled? How is that file managed, monitored, and protected?

By answering all these questions, you can both establish protective measures for your data and figure out a baseline of normal behavior that can be used to watch for and detect unusual usage that may indicate an attack.

There are a few tools and systems you can use to shore up your security in that regard.

• An enterprise collaboration platform that allows your IT department to control how files are accessed and utilized without impeding staff who want to share and edit files.
• A set of usable, intuitive business apps that allow workers to easily do their jobs, minimizing shadow IT.
• Coordinate with all departments to develop a risk assessment process that examines and addresses all the ways your data might be under threat.
• Ensure all systems are up to date.
• Incorporate security tools that address the threat of the Internet of Things. Connected devices are a completely new ballgame, and create a new threat surface that many businesses are unprepared to deal with - you need to incorporate network segmentation to keep unsecured IoT devices from being used as an entry point to sensitive data.
• Educate everyone on proper security practices and policies, and hold your vendors and partners to the same standards as your employees.
• Implement cyberinsurance to help your business better mitigate emerging threats.

Cybersecurity practices need to change - that should go without saying. As new risks to your business’s data emerge, you’re going to need to change how you protect your organization. That starts with better understanding the flow of information throughout, from workstations to connected endpoints to mobile devices.

With that understanding, you’ll be well-equipped to move forward into a new digital era.