[BreachExchange] These Are The Top 3 Habits For Companies Hoping To Escape A Hack

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jul 11 20:33:17 EDT 2018


https://hackercombat.com/3-habits-every-company-needs-to-practice-to-help-prevent-hacking/

Cyber threats are an ongoing concern for enterprises of all shapes and
sizes. Not only does the loss of data pose a threat, but the damaging
effect these hacks can have on customer confidence promises to ruin any
long-term trust. No company enjoys negative publicity, as it harms the
future of business, halts any expansion, and threatens profitability. With
the benefits of an online presence comes a strong motivation to build a
safe community around a company’s goods and services, especially as it
pertains to a healthy internet business.

This article discusses some tips on how to prevent possible cybersecurity
issues and what policies can be enforced to help firms avoid being
victimized by infection:

1. Companies need to stop procrastinating. They must learn to take
advantage of white hat ethical hackers, whose service offers a key way to
identify network and computing weaknesses. This move needs to happen before
a real hacking scenario begins. Because ethical hacking provides insight
into the consequences of a real hack without any actual danger, the
monetary commitment is well worth the trouble. In this scenario, avoiding a
real breach is the only return on investment companies need. White hats
excel in this area because they have the knowledge of black hats but
without the malicious intent. This security precaution also provides an
opportunity for employee training and larger company education. A
knowledgeable employee is a primary defense against cyber attacks, virus
infections, and spear phishing.

2. Review data storage infrastructure and policies. Organizations must
insist that storage devices use an industry-standard form of encryption.
There should be no exemption to this mandatory encryption rule; everyone
should be covered, from the company’s board of directors to the entry-level
employees. Encryption of hard disks, USB flash drives, and other certified
storage devices that employees may be using with their workstations
prevents data theft through mere possession of a device. Another
alternative is to hire penetration testing professionals: individuals who
are highly skilled in pen testing and armed with special Linux
distributions and tools such as Kali Linux, who deliberately hack the
network of the firms they work for. Identification of potential weaknesses
is vital before implementing any security software or hardware solution
for the enterprise. Wrong identification of the risks means wasted money
on security products and services.

3. Establish a clear disaster plan. With the help of the advice coming from
ethical hackers and penetration testers, the plan needs to be revised as
new threats are identified. The key people who will direct control of the
enterprise’s technical back end need to be named in the document, as well
as their deputies. A list of dependable suppliers needs to be created as
well, in order to facilitate fast recovery during network downtime. All
of this comes with a cost, but decision makers should not demand low-cost
services or products to cover the risks, because compromises of this level
only increase the chance of being the next victim when the identified
threat becomes operational due to negligence.