By: Enrique Velazquez – Product Manager, Security & Compliance at Cogeco Peer 1
Data security is on everyone’s mind in 2017, not only at a global level, but a personal level with more identity and personal theft of information on the rise. Companies are also facing several security concerns in this new year. Below are just a few security concerns and some solutions that any size company can benefit from.
1. In 2016, we saw large data breaches and Disturbed Denial of Service (DDoS) attacks targeted toward large well-known companies, but these data breaches can affect companies regardless of their size. The key take-away from these attacks has been the need for each company to have a risk management process in place.
Solution: An IT department with a full end-to-end risk management process, from a DDoS Mitigation solution to forensic threat and log management tools. Many companies have a silo security process in place which can put its information and that of its customers at risk. It is ideal to have a broad, flexible risk management process that is subject to some type of certification and audit process. An auditing process provides guidance to the company and a third-party that can provide best practices. For e-commerce companies that process online payments, they may want to work with the PCI Security Standards Council, a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
2. Many may think firewalls are obsolete, but this security tool can make a critical difference as an ultimate line of defense against some of the most sophisticated attacks. Firewalls are a basic security feature that some companies are choosing to ignore.
Solution: It is important to begin with reviewing the perimeter of your network, ensure your denial of service protection is up-to-date as well as all firewalls. Modern next generation firewalls offer far more solutions to modern security issues and can be a key security asset.
3. Employees who use their smart phones or laptops at work or remotely by piggybacking on a company’s network can pose a significant threat to the company’s network by exposing it to possible breaches. Any type of “Internet of Things” or “smart device” embedded with software or sensors that has network connectivity, from a thermostat to automated lighting can become a threat. For companies, in particular large companies, it may be difficult to identify right away where the threat is coming from.
Solution: Companies must have an endpoint protection solution in place that serves as antivirus and personal firewall software for centrally managed corporate environments offering security for servers and workstations.
4. Companies often do not realize that today most online security breaches take place through the application rather than the server. Many companies focus on server security but web application security is just as important.
Solution: Through web application firewalls (WAF), companies are able to take a reactive approach to fixing any intrusion on the spot. A good WAF allows you to block source IDs and can be fully managed or managed with the help of a third-party vendor.
5. Worldwide there is a shortage of information technology security experts. Additionally, some of the top security experts are based in the U.S. or Asia. For emerging markets and regions, such as Latin America, this language barrier and lack of high-level expertise can be disconcerting for companies trying to stay on the forefront of all security measures.
Solution: In order to overcome this challenge, it is necessary to find a service security partner that has more than one person based in their own city. It is also important to look into their service level track record.
For some companies, it may be overwhelming to manage all the security tools available today and stay up-to-date on the latest global or country-specific cybersecurity threats. Given this reality, it is important to team up with security partner organizations that can help establish sound security plans that can include all or a number of the tools mentioned above that are available today.
Click here for additional information on security concerns companies are facing in 2017.