Too many companies have outdated firewalls, limited security features and weak policies on data security
By Craig S. Gunderson
LEWISTON — At a recent South Portland cybersecurity forum hosted by U.S. Sen. Angus King and the Maine State Chamber, one CEO confessed that her company was “ignorant” about protecting itself against cybercrime.
It is a comment I hear frequently. The CEO who made this confession – a savvy manufacturing executive – is in good company. Too many organizations have outdated firewalls, limited security features and weak company-wide policies regarding data security. And that just scratches the surface.
The threat of some foreign entity trying to access your server, or some college scammer hacking into your system late at night, are examples we romanticize. The fact is, hackers are everywhere and indiscriminate, and often attack using sophisticated processes.
What’s worse, successful cyberattacks and compromised cybersecurity often result from internal sloppiness.
According to the IT security software company Tripwire, over 60 percent of security events are the result of an inside attack. And around 80 percent are from insiders who unintentionally compromised their company’s security. In these cases, it could be poor password settings, or employees were granted access when they shouldn’t have been.
But cybersecurity is part of a much larger issue of business continuity and data security planning. For almost all companies, a prolonged period of downtime without access to critical applications and data can have dire consequences.
Here’s a list of critical questions that organizations – small, medium or large – need to consider so their management can sleep better at night:
• Do you have a disaster recovery plan? If you do, congratulations, but be sure you test it regularly with close-to-real-life scenarios on how to handle power outages, cyberattacks, system failures, human errors and natural disasters. If you don’t, start planning now.
• Is your server room a disaster waiting to happen? In the case of most businesses that use a server room for their servers, redundant cooling isn’t an option. If you are relying only on your air conditioner to keep your server rooms cool, you can run into big problems if your AC fails. If the heat levels aren’t monitored by your team 24/7 or controlled through an automated cooling process, there’s no way of knowing if your server room is overheating.
• How do you handle an electricity failure? Consider having an uninterruptible power supply – an alternate battery backup system – or a generator. And plan for what happens when you need more fuel for that generator if an outage lasts more than a few days.
• Do you have a firewall? If you do, but it’s a couple of years old, you may as well not have one. An estimated 51 percent of organizations have a firewall that is over 3 years old, leaving them vulnerable to attack. New threats require protection from up-to-date, next-generation firewall technology.
• What about data security and password protection? Do you encrypt sensitive data? Do you password protect your files and establish unique usernames and passwords that must regularly change? Sure, it’s a nuisance to remember new passwords, but it’s much more painful to lose data in a successful hack.
• Do you have data backup and recovery? Companies should follow the 3-2-1 rule. You should have three copies of your data (one primary and two backups). They should be on two types of media (storage hardware), and you should have at least one of your copies in the cloud.
• How is your company protecting itself from data being lost or stolen off laptops or other devices? Many companies have faced significant PR backlash and expensive lawsuits simply because an employee had sensitive data on their laptop, which was stolen or compromised.
One solution that ensures security compliance is a virtual desktop solution in the cloud. Virtual desktops exist on a secure infrastructure inside a cloud provider’s data center, not on an individual device. This means that data is kept secure in the cloud at all times, and a lost laptop becomes a relatively minor equipment loss rather than a potentially serious data compromise.
With so many security threats circling the Web, it’s more critical than ever to implement reliable security measures. Like most criminals, hackers tend to be lazy, and look for easy, unguarded targets. Let’s at least make hackers work hard and give up on attacking your data.
— Originally published in the Press Herald
ABOUT THE AUTHOR
Craig S. Gunderson is president and CEO of
Oxford Networks in Lewiston