Cybersecurity - Our Shared Responsibility

News

October 11, 2017

Cybersecurity - Our Shared Responsibility

The October Blog Series | Cybersecurity

Issue 12: Cybersecurity - Our Shared Responsibility


Cybersecurity is something that benefits us all -- and it has become a shared responsibility. With the proliferation of the Internet of Things, third-party solutions, and cloud technology, weak links can occur nearly anywhere within the system. Together, users, administrators, and business owners must work to secure their applications and develop better overall security habits.


The Importance of Combined Security

In any given system there are several areas of potential vulnerability. A server and its data can be vulnerable to malware, DDoS attacks, and other threats. But many businesses today also use third-party applications which also store data and connect to the network infrastructure, thereby also producing potential vulnerabilities. Companies may increase their risk through poor user authentication, a lack of encryption standards, and inappropriate security settings.

On a user level, users can potentially cause compromise in a number of ways. Most commonly, they may fail to secure their own accounts, which could lead to a malicious user gaining access to the system and its resources. Alternatively they can fail to secure their user devices, which can also grant access to their confidential data.

Everyone has something to protect. Businesses have financial information and intellectual property. Users are protecting their identity and administrators have a responsibility to both. As more data is stored on modern systems, it becomes even more critical to protect them.


End User Security Tips

  • Always keep your device password protected. Modern phones and tablets provide biometric security solutions that are designed to protect your device. Finger print and facial recognition can provide superior security to a simple passcode.
  • Practice proper password hygiene. Use long and complex passwords and refrain from writing down your password or saving it in plain text. Never share account information.
  • Report potential issues immediately. If you encounter anything that seems to be unexpected, report it to your IT administrator. Unexpected behavior could indicate issues.

Security for Business Owners

  • Involve your employees in training. Employees may not understand the importance of security or may not be aware of current risks, such as phishing and other modern security threats.
  • Keep your systems up to date. Legacy systems are difficult to secure and can cause problems for users trying to secure their own accounts. Modern systems are far better at securing accounts and data.
  • Have a disaster preparedness plan. A disaster preparedness plan gives you an actionable set of steps to take if a disaster such as data loss or cyber attack occurs. The faster you can react, the more the damage will be limited.

Administrative Best Practices

  • Limit security permissions. Users should only have the permissions to access data and features that they absolutely need. Otherwise a system compromise could be far more damaging. Users should never have the ability to grant permissions on their own unless essential as this can cause a cascade of issues.
  • Conduct regular audits. IT audits will give you a better idea of your current risk factors. Not only does this improve security but it can also be used to optimize operations. Third-party audits can be very effective in identifying potential issues that could have been missed by those more familiar with the system and its operations.
  • Automate processes. The more basic processes you can automate, the more you can ensure that everything is done regularly -- and you can spend your time on security measures and improvements rather than routine and repetitive tasks.

By working together, you can keep a system secure -- but it requires work and creating a culture of security. Businesses and administrators must do all they can to protect end users while end users must work to protect their own data.