
Lessons Learned From a Major Security Breach
The high-profile breach of a major financial firm is a harsh reminder for all businesses to re-evaluate cyber-security protocols and cyber-risk strategies.
Install Proper Network Security
Hackers are thought to have gained access to J.P. Morgan employee login information and used those credentials to capture customers’ email addresses, home addresses and telephone numbers. Suggestion: Install double (two-factor) authentication systems.
Any Information Can Be Valuable in the Wrong Hands
J.P. Morgan’s case proves that information with limited monetary worth can still be valuable in the wrong hands. Prioritize what electronic data is critical to your day-to-day operations and what therefore requires the most stringent controls.
Don’t Wait for Telltale Signs
Take a proactive approach to addressing potential points of entry. Cyber-criminals are becoming more adept at slipping into data networks undetected, so don’t assume your data is secure or uncompromised.
Information and Communications
A breach rarely occurs because of a single incident, so you must be able to collect and analyze meaningful information about your cyber-security. A system that aggregates data from different sources can identify patterns that indicate whether you are facing a breach.
Monitor Cyber-Risk Activities
As risk environments evolve, so too should your cyber-risk strategy. Regularly monitor your strategy’s effectiveness and that of third parties that administer your IT security. Present findings to key stakeholders for consideration.
Train Employees in Security Principles
Employees can either be an asset or a liability when it comes to cyber-security. Conduct social engineering or facility breach exercises to evaluate how susceptible your employees are to phishing schemes or other cyber-attacks.
Understand the Value of What’s at Risk
Know what assets are most valuable to your business and to others. Know where they are supposed to reside, where they actually do reside, who touches them and how access is managed.
Be Proactive in Protecting Your Business
At minimum, accept that your security will be compromised. Be prepared to respond and get the basics right. Diligence can save you the embarrassment and financial impact of a major breach, so take proactive steps in anticipation of attacks.
Be Prepared to Respond
Organizations that have developed incident response capabilities tend to recover faster and with less damage to their business and reputation than those that wait until an incident occurs to develop their cyber-security strategy.
The Best Defense Is a Good Offense
Having a proactive, robust plan helps minimize potential damage from a breach and can get an organization back on track faster in the wake of a disruptive event. If your resources are limited, hire a third party to supplement your information security capabilities. Don’t go it alone.