[BreachExchange] 8 Steps to Reduce the Financial Impact of Data Breaches to Your Business

Audrey McNeil audrey at riskbasedsecurity.com
Thu Nov 4 18:10:23 EDT 2021


https://www.channelfutures.com/from-the-industry/8-steps-to-reduce-the-financial-impact-of-data-breaches-to-your-business

Cyberattacks continue to affect businesses of all sizes. To combat these
attacks, security professionals and IT departments are implementing more
detection and containment methodologies. However, while IT budgets are
increasing, only a fraction of this budget is being used on preventative
network security measures, with the majority being used for detection,
mitigation, recovery and remediation activities. Now is the time for IT
departments to realize that taking the time and money to invest in a
comprehensive strategy, including prevention, can significantly reduce the
likelihood of falling victim to a cyberattack, and therefore greatly reduce
the financial impact if a data breach should occur.

*The Consequences of a Cyberattack*

Cyberattacks can inflict enormous financial damage on a business, and the
consequences can be devastating. After an attack, businesses not only have
to recover data, but they must also invest in fixing the damaged portions
of their network. Business leaders must also deal with lost productivity
and the public fallout of announcing a data breach, with possible lawsuits
and reputational damage, as well as loss of trust in their business.
Businesses that are victims of a cyberattack also face increases in their
business insurance policies and bear the cost of rebuilding network security
to prevent these attacks in the future.

*The Best Defense Is a Good Offense*

With the increase in data breaches affecting businesses of all sizes, it’s
not surprising that business leaders want to make sure their organization is
prepared to deal with the fallout of a data breach. Employing a
preventative strategy when approaching network security can lay a robust
foundation for blocking many cyber threats before they infiltrate the
network. Securing the corporate network, and devices connected to it,
through a multi-layered approach can help prevent infiltration before it
occurs. Yet, many organizations believe the initial investment and lack of
expertise are barriers to implementing prevention in the cybersecurity
lifecycle. However, there are measures every company can take to protect
itself.

*8 Cost-effective Security Tools to Build a Prevention Strategy*

   1. *Conduct a cybersecurity risk assessment audit.*

Proactive IT security protection starts with a two-part approach. First,
conduct an audit of current data security activities in relation to
potential threats. Second, with that knowledge, develop a risk assessment
plan that includes preventative measures and policies to address the
vulnerabilities identified in the audit to protect your data.

   2. *Deploy a next-generation firewall.*

Next-generation firewalls provide protection at the network gateway
(on-premises or in a cloud) with an all-in-one solution that encompasses
web content and application filtering, virus blocking, intrusion prevention
and secure remote connectivity. Next-generation firewalls also include
employee productivity improvements such as bandwidth shaping and
application control.

   3. *Deploy endpoint protection.*

With a diverse array of devices on the network, such as laptops, phones,
tablets and other IoT devices, deploying endpoint security throughout the
network adds an additional layer for preventing cyberattacks. Network
administrators or IT professionals can create policy settings limiting web
access to sites known to distribute malware or apply specific web filter
controls to corporate devices.

   4. *Schedule network backups.*

Backups should run on a routine schedule, include database and network
configuration, and be stored in a different location outside of the
network. Having these backups on hand in the case of a breach will mitigate
any need to pay ransom demands and limit network downtime for employees.

   5. *Provide VPN connectivity for hybrid and remote employees.*

VPNs allow remote employees to create a safe connection to
business-critical applications or data when logging into the network
outside of the office. VPNs extend network security policies to remote
devices, safeguarding them from intruders lurking on public WiFi or a home
network.

   6. *Implement password hygiene.*

Password hygiene is critical for all employees who can access the corporate
network. Training employees to change passwords often, follow strong
password recommendations and activate two-factor authentication when
available will keep credentials and crucial business information secure.

   7. *Manage directory access policies.*

Limiting access to specific files based on current employee status,
department, or even business title, can protect critical information. For
example, does a marketing team member need to have access to the financial
department’s balance sheets or vendor payment system? This crossover could
have serious implications if one employee’s credentials are compromised,
allowing unauthorized access to every file on the network.

   8. *Train employees continuously.*

As security adversaries find new ways to infiltrate networks, keeping
employees trained and up to date will only strengthen your network
security. Employees should be trained in the following aspects of network
security:

   - Corporate data responsibility and compliance regulations
   - Password and credential maintenance
   - Email responsibility with an emphasis on identifying evolving phishing
   tactics
   - Corporate device policy with attention to VPN connectivity and
   safeguarding corporate devices from theft

Cyberattacks and data breaches continue to keep IT departments searching
for new and innovative ways to outwit cyber criminals. Many departments
continue to place a heavy emphasis on detecting unauthorized access or
suspicious activities and containing these breaches to minimize the
business-wide impact. What many IT department leaders overlook is
implementing a more robust preventative strategy to strengthen their
network security posture and lay the foundation for multi-layered security
safeguards. Instituting effective preventative measures and engaging
employees as an additional line of defense against cyberattacks can save
businesses not only money, but also productivity and reputation.