
How to Prevent Cybersecurity Breaches: The Tips You Need

John Kim

More devices, newer communication methods, growing data volumes, and employees working from home open multiple avenues through which an attacker can cause a data breach. Get our 10 tips to prevent cybersecurity breaches and protect information in your organization.

How Can We Prevent Cybersecurity Breaches? 

Every month brings news of another high-profile cybersecurity breach described as the largest and most widespread yet. Systems are compromised and sensitive information is stolen, exposing personal data, payment card numbers, and account credentials. Recent ransomware attacks have even targeted hospitals and city governments, encrypting their systems and demanding payment to restore them. The problem is now so common that television shows dramatize such events as though they were just another day at work.

A company’s information is among the most valuable assets it owns, which makes data security a top priority. Understanding how to prevent cybersecurity breaches and protect sensitive information is now one of the most critical tasks for every organization. Not all companies survive the fallout once a breach occurs; learning how to prevent breaches can mean the difference between maintaining a successful organization and going out of business after a public announcement of a data breach.

Cyber threats have been on the radar for years and are increasingly gaining the attention they merit. Back in 2009, President Obama announced a new White House office dedicated to cybersecurity. In the speech announcing it, he stated, “cyber threat is one of the most serious economic and national security challenges we face as a nation.” Marc Goodman, a cybersecurity expert and bestselling author, gave a 2012 TED Talk in which he noted, “More connections to more devices means more vulnerabilities. If you control the code, you control the world.”

Tips on How to Prevent Cybersecurity Breaches  

Companies can employ specific, well-established measures to prevent breaches. The following tips have been used successfully to prevent cyber attacks and protect sensitive information:

Identify Critical Data

Identifying the most critical information in an organization is the first step in safeguarding it. This can be anything from financial records to consumer or client information, and you cannot protect data whose location and owner you do not know. Seeking feedback from process owners about which data they consider most critical, where it is stored, and who needs access to it brings more clarity to the areas that deserve focus.

Strict Access, Restrictions, and Permissions Policy

Creating and implementing a strong IT security policy that clearly articulates roles, restrictions, and exceptions goes a long way toward setting the right tone for cybersecurity in an organization. Access should follow the principle of least privilege: each role receives only the permissions its work requires, and exceptions are documented, time-limited, and reviewed. For tips on how to start, ComputerWeekly provides a good guide on drafting an IT security policy. Because the risks to systems holding critical data are constantly evolving, the IT controls over those systems should be reviewed by the IT audit team regularly.

Hire and Nurture the Right IT Talent

Many companies value experience over education when hiring IT staff. This is not always the right approach, because you also need specialists in newer technologies to thwart the determined efforts of attackers. Setting aside funds for professional development and hosting workshops for existing staff can also help ramp up security efforts. Hiring IT professionals with recent education can bring knowledge of attack techniques and defenses the current staff have not yet encountered.

End-user Training

One of the best ways to prevent cyber attacks is to provide employees with awareness training. Initiatives such as a clean desk policy, good password practices, and a simple way to report suspicious emails act as a strong first line of defense. Employees should be made aware of these practices and rewarded for adopting them, including for reporting phishing attempts rather than quietly deleting them. For pointers, Kathleen Coe, Education Director for Symantec Corporation, does an excellent job explaining what is required to set up a computer security awareness training program.

Have a Strong Encryption Policy for Sensitive Information

A strong encryption policy ensures that sensitive data is stored and transmitted only in encrypted form. Encryption will not prevent data from being intercepted or stolen, but it does prevent the stolen copy from being readable by anyone who does not hold the key, which is why the policy must also cover how keys are generated, stored, and rotated separately from the data they protect. The 2016 Apple vs. FBI dispute, in which Apple refused to weaken the encryption protecting its devices, shows how seriously vigilant companies take their encryption commitments, and it is best to follow suit. Security breaches are inevitable, but properly encrypted data keeps sensitive information from being accessed when one happens.
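As an added illustration of the point above (this is example code, not part of the original article), the following Go program encrypts a constructed customer record with AES-256-GCM, an authenticated mode. The record and the context label are constructed sample values; a real system would fetch the key from a key-management service rather than generate it in the same process. Decrypting with the right key recovers the record, while a stolen copy with even one altered byte, or one decrypted under the wrong context, is rejected outright rather than silently yielding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a fresh 32-byte AES-256 key from the OS CSPRNG.
// In production the key comes from a KMS/HSM and never sits beside the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// Seal encrypts plaintext under key with AES-GCM. The random 12-byte nonce
// is prepended so the stored record is self-contained; GCM appends a 16-byte
// authentication tag that also covers aad (the record's context label).
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal(dst, nonce, plaintext, aad): output = nonce || ciphertext || tag.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any modification of the nonce, ciphertext, tag, or
// aad makes gcm.Open return an error instead of corrupted plaintext.
func Open(key, record, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("record too short to contain nonce and tag")
	}
	nonce, ciphertext := record[:gcm.NonceSize()], record[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, aad)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record and context label (hypothetical values).
	record := []byte(`{"customer":"A. Lovelace","card_last4":"4242"}`)
	context := []byte("customers/1042")

	sealed, err := Seal(key, record, context)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored form (%d bytes): %x\n", len(sealed), sealed)

	plain, err := Open(key, sealed, context)
	fmt.Printf("decrypted with correct key/context: %s (err=%v)\n", plain, err)

	// An attacker who steals the stored copy and flips one byte.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Open(key, tampered, context)
	fmt.Println("tampered copy rejected:", err != nil)

	// A record copied into a different context (e.g. another customer's row).
	_, err = Open(key, sealed, []byte("customers/9999"))
	fmt.Println("wrong context rejected:", err != nil)
}
```

The design choice worth noting is the use of an authenticated mode and a per-record context in the additional authenticated data: unauthenticated modes such as AES-CBC without a MAC would decrypt a tampered record to garbage without complaint, and binding the ciphertext to its row prevents a valid record from being swapped into a different customer's slot. Never reuse a nonce with the same key; generating a random one per record is safe for the volumes a typical application sees.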

Demand the Same Standards from Third Parties

Third-party vendors such as payroll processors, outsourced IT teams, and cloud providers hold significant responsibility for protecting a company’s data. Management should demand transparency from these vendors to confirm the company’s data is protected and handled in compliance with privacy laws. As a common practice, vendors should produce an independent attestation of their security controls, typically a SOC 2 Type II report, or the AICPA’s SOC for Cybersecurity report for an entity-wide view, to demonstrate that a robust data security program is in place and operating.

Manage Social Media Access

Social media is a common hunting ground for those seeking a way into your network. Users tend to let their guard down and share too many personal details, and all too often people do the same with company information, giving attackers material for convincing phishing and impersonation. Posts from former employees, upset vendors, or even competitors can disclose details maliciously to harm the company. Attackers can also take over corporate social media accounts and use them in ways that damage your brand, so those accounts should have unique credentials and multi-factor authentication.

Strengthen Home Network Security

With much of the workforce working from home, either full-time or part-time, home networks are now an extension of the business network in a hybrid model. Remote employees need guidance to secure their home networks and Wi-Fi appropriately: changing the router’s default administrator password, using WPA2 or WPA3 with a strong passphrase, and keeping router firmware updated. They may also need to use a VPN for the first time. Initial training should be followed with periodic reminders to remote workers. Home security measures should extend to mobile devices as well. Phones and tablets are easily lost or stolen. Requiring a passcode, enabling automatic lock and remote wipe, and blocking company email and network access from unmanaged personal devices all reduce the risk from mobile devices.

Monitor Ghost Technology

Employees will get creative when they need to get their work done. Web-based applications can be purchased cheaply and do not require installation. When employees go around the prescribed IT process and install software or even hardware on their company computers, they engage in ghost technology, more commonly called shadow IT. IT security professionals are then tasked with protecting the network against exposures they do not know about. Employees can also share confidential data with third-party services without the company’s knowledge. Laptops should be inventoried on a regular basis for unauthorized hardware and software, and the results compared against an approved list.

Train for Attack Responses

Attacks will happen. When a breach occurs, the organization needs to know the next step. The first step is to have a well-documented incident response plan. The plan should be shared with the team so everyone knows what to do if they believe there has been a breach, and it should be exercised so the response is rehearsed rather than improvised. Many employees do not understand what constitutes a breach, which can lead to unintentional security issues like those described in the tips about social media, home networks, and ghost technology. Train employees on what to do when a breach occurs to lessen the unpredictability.

The Bottom Line on Cybersecurity Process

In conclusion, cybersecurity is an ongoing process rather than a one-time project. It takes a concerted effort from an organization to achieve the desired level of IT security and uninterrupted vigilance over critical data. When you devise a plan for how to prevent cybersecurity breaches, your organization is in a position to control the process rather than react to it.

John Kim

John Kim, CPA is a SOX Subject Matter Expert and Technical Sales Director at AuditBoard. He has over 10 years of experience in Internal Audit, first as a Risk Assurance Manager at PricewaterhouseCoopers and then as the Senior Manager of Internal Audit for Zynga.
