[BreachExchange] Five Goals Business Leaders Must Set For Increased Security In 2018

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 25 19:00:58 EST 2018


For all of the small and mid-size business owners out there and/or the
decision makers within a division of a larger organization: Are you setting
goals for your organization in the coming year? It’s not too late to make
smart decisions about what course of action your organization will take to
increase online security and protect your assets.

If you think that’s unnecessary, consider that many are calling 2017 a year
of data breaches. No organization was immune, as hackers and other bad
actors targeted schools, voters, the entertainment industry, businesses of
all sizes and individuals for data theft and fraud. The consensus among
experts is that this should be a wake-up call to everyone.

As we enter 2018, now is the perfect time to reflect on how you can improve
your IT framework and internal policies to give you the best chance at
having a safe and secure year. To help you get started, check out this list
of five things I believe every business leader should be doing in this
first quarter of the year to review and update their technology best
practices, then make it your goal to take the time to walk through the

What are the steps business leaders should take this year to protect their

1. Determine your needs. Now is the time to reflect on how your
organization could improve its processes. Consider the size of your
business, the level of access required for employees and determine any
potential landmines related to a security failure, leak or loss of service.

2. Ask yourself if it’s time to hire an IT consultant. Even for leaders
with an IT team on staff, it never hurts to have an independent review of
your framework. An outside consultant can help you decide if you need to
upgrade your hardware or software and provide your own IT staff with
recommendations and support to improve security. Or, you could choose to
task a member of your staff with doing an internal review to make

3. Consider migrating to a private cloud to store data. Now is the time, if
you haven’t already made the update. Many of us are already using cloud
services, such as Dropbox and Google, for file sharing to improve
processes. Those services utilize the public cloud. I recommend that you
lease or own a private cloud with a dedicated IP space to store your data.
This provides a layer of security because it lives behind a firewall on a
file server, and access through the internet can be restricted.

4. Determine if it’s time to improve your security with use of a VPN. A
virtual private network, or VPN, is like a tunnel or gateway through which
only approved users may gain access through a layer of authentication.
There are many VPN providers, including Private Tunnel, and you can still
access Amazon and other sites through these channels. I recommend you
choose a known, reputable VPN provider that submits to peer review to
ensure the best quality services and security.

5. Adopt increased security protocols to control access. In 2018, you can’t
afford not to take this step. There are many different layers of
authentication your company can implement to improve security, based on the
needs of your organization. You might choose to add two-factor
authentication for anyone logging into the network, for example. Another
option would be to restrict access by device authentication or through IP
address and location-based security.

All of the options listed above may take time to explore and implement, but
will absolutely lead to a stronger organizational framework and increased
security in 2018. You might also set a first goal of getting further
educated on the risks and your options. There are many resources for
professional and business leaders to learn more, whether it’s through a
local chamber of commerce, recommendations from a professional network or
through an online search.

What you don’t want to do is spend another year avoiding the issue. It’s
just too important to let this be just another broken resolution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180125/aabafe12/attachment.html>

More information about the BreachExchange mailing list