Cyberbreaches have become nearly inevitable facts of business life. If you operate a website, an online business, or even just an email account, the chances are good that it has already been attacked. And if it hasn’t yet been breached, the odds are it will be.
While it’s generally acknowledged that completely protecting your digital assets from attack is virtually impossible, you can take actions to reduce the severity and impact of breaches on your systems. Here are four important steps to take to reduce your vulnerability:
1. Assume your systems will be targeted and plan for that.
Every part of your online presence is susceptible to some kind of intrusion. Don’t assume that because your business is small or the microsite is insignificant, it will fly beneath the radar of would-be intruders. Intrusions are generally indiscriminate in their initial attempts and simply try to breach everything in their paths. Once a vulnerability is found, the attack escalates and pathways to connected assets are sought out and exploited. Protect everything.
2. Don’t assume that anything is already protected.
Whether you’re running commercially developed apps or internally created systems, test them for vulnerabilities. Even the largest software developers miss critical areas that can be penetrated. Perform security testing or enlist expert help. Also be sure to keep operating systems and applications patched with all current updates. Software vendors routinely discover vulnerabilities and issue patches to shut them down. Take advantage of those updates.
3. Monitor for internal intrusions.
Many attacks come across the global internet, but internal staff, contractors, and otherwise trusted people who have heightened levels of access are often found to be sources of data theft or unintentional infection. Invest in systems that protect against outright copying of data to portable drives and other methods. Data leakage can be incremental if planned and executed stealthily, and small amounts of leaked information can become significant over time. Determine what data is critical to the enterprise and implement strategies and tools to protect it from both external and internal threats.
4. Install effective security software.
Desktop antivirus software is commonly included with every new computer. It can protect that computer against viruses and other malware that users unintentionally download, providing a first line of defense for your enterprise. But with the increasing variety of devices being used plus multiple points of access, you need an overarching security solution designed to protect against the many levels of penetration that sophisticated attackers can reach. Every port, from point-of-sale systems to mobile devices and USB ports, must be considered vulnerable to attack. Install the right combination of firewalls, security detection and prevention, and other protections as recommended by your security team or external experts.
No level of protection will completely eliminate the possibility that your enterprise will be breached, but taking the right steps can shore up weaknesses in your defense system and reduce the number of opportunities for attack.
Learn more now about implementing comprehensive network security that includes threat management, as well as firewall, web, and email security services from AT&T.
Scott Koegler is a technology journalist with a specialization in the intersection of business and technology. All opinions are his own. AT&T has sponsored this blog post.