Tuesday, November 05, 2019
In our last post, we discussed how cyber threats can affect your organization. While you have likely taken measures to ramp up your defenses, you might still be asking yourself—is it enough?
The truth is—rethinking your strategy is the smartest thing you can do. Ransomware, distributed-denial-of-service (DDoS) attacks, and other privacy and data breaches are on the rise. And, according to a report from PricewaterhouseCoopers, less than 50% of companies are sufficiently prepared for a cybersecurity attack.
Wondering what you can do to better protect your organization from cyber threats? Check out the list of best practices below.
1. Conduct a thorough risk assessment – Knowing what cyber risks are out there and how they might impact your environment are the first steps in understanding how to best protect your organization. This can range from identifying gaps in your perimeter security to defining IT best practices and cyber hygiene for your business applications and physical security systems. You can then build a detailed cybersecurity strategy with targeted measures that minimize the likelihood of a breach.
2. Reduce the human error with clear IT policies – Educating your people on IT policies must also be factored into your cybersecurity strategy. This can start with teaching employees simple tips on how to create strong passwords and how to identify phishing scams in emails.
3. Change the passwords on your devices – If you haven’t already updated the default passwords on your security cameras or access control devices, start there. Most default manufacturer passwords on security devices become commonly known, which puts your organization in a vulnerable position. Schedule regular updates for your device passwords to ensure ongoing protection.
4. Prioritize software and firmware updates – Many software and firmware updates come with the latest fixes for known vulnerabilities. The longer you delay these updates, the more at-risk your organization is. That’s why it’s important to handle your physical security system and device updates with urgency.
5. Choose technologies with built-in defenses – Having multiple layers of defense built into your physical security solutions is critical. For instance, encryption helps you hide and protect data from unauthorized users and secures the communication between clients and servers. Authentication is another tool that determines if an entity is who it claims to be and verifies if and how that entity should access your system.
6. Use strong authorization and privacy methods – While encryption and authentication are great tools for protecting data, they cannot stop unauthorized access to a network. By using authorization capabilities, you can restrict the scope of activity within your systems by giving specific access rights to groups or individuals for resources, data, or applications. You can also blur out people in a video frame to protect their privacy and identity.
7. Stay compliant with new legislation – As cybercrime escalates, new privacy and data laws are evolving to keep businesses accountable. For example, how you manage and store captured video and data from your physical security systems must comply with new mandates such as the General Data Protection Regulation (GDPR). Staying informed about these new laws can not only help you strengthen cyber resiliency but also avoid the costly penalties for non-compliance should a breach occur.
8. Consider the benefits of cyber insurance – Cybercriminals are getting savvier by the minute. Even when you do everything right, your organization may still be at risk. Cyber insurance gives you financial support to remediate and recover in the event of a breach.
9. Re-evaluate your risks and policies on a regular basis – Cyber threats are constantly evolving. What works for you today might not work for your tomorrow. Taking time to re-assess your risks and policies including those that pertain to the security of your video and access control systems is needed to stay protected in the long run. You can also conduct regular penetration testing on your systems and strategies to identify opportunities for improvement.
10. Get involved in the discussion on cybersecurity – Relying on integrators or other service providers to deploy effective security practices is not enough. And sometimes, IT is too busy to help. Security professionals who become more involved in creating and deploying cybersecurity practices are usually in a better position to help mitigate risks.
Once you’ve created a solid cybersecurity strategy, you’ll need to think about how to maintain it. Up next in this blog series, we’re going to look at key tools and resources that can help you handle some of the above tasks, so you stay on top of your cybersecurity defenses.