1 November, 2016
Well-known companies like Facebook® and Mossack Fonseca have all recently been targeted by cyber criminals, resulting in breaches of secure documents and sensitive materials, compromised payroll information, and sullied brand reputations. Simply put, cyber attacks are not only becoming more frequent, but companies of all sizes are susceptible.
To ward off attacks, it takes a committed effort on security, because relying on the IT department alone won’t be enough to counter all the bad actors online. Only when legal and the marketing team get involved in security decisions can cyber criminals be stopped. A three-pronged defense is the best plan of action for protecting your digital assets.
If IT, legal, and marketing aren’t working together, you could be susceptible to attack. Below, see how each department can do its part in keeping you safe and secure online.
IT Professionals
The IT department, typically, is the first line of defense against cyber criminals, and it’s IT’s primary job to stop attacks before they happen. Suffering an attack, having passwords stolen, confidential data downloaded, or the entire network compromised will not only cost the company money, but will most likely cost someone in IT their job.
According to Arbor Networks, which produces an annual Worldwide Infrastructure Security Report, last year saw the largest distributed denial-of-service attack at 500 gigabytes per second (Gbps). And it’ll only get worse. If IT security is not your company’s number one priority, it should be, and it starts with figuring out what size of attack your company can withstand, and how much it can afford to spend on remediation.
Step two is rethinking your domain name system management. Look into outsourcing, but make sure the provider can offer you 100% uptime. Third, educating employees and customers on how to detect phishing attacks is essential, and will go a long way toward reducing human error in the future.
Lastly, you should ensure that your business-critical domain names are protected with two-factor authentication, and registry- and registrar-level locks with three-party manual authorization, so you can rest easy at night knowing you’ve done everything in your power to protect your company’s digital assets.
Legal Counsel
Each year, millions of bytes of personal data are stolen through security breaches. Depending on where you practice, that kind of cyber crime can be a federal offense. But until whoever is responsible is caught and stopped, legal counsel has the ability and expertise to thwart an attack before it happens. Your legal department might also be responsible for registering and managing promotional and defensive domain names and social media usernames. Dealing with security aspects is the next step.
Your first course of action should be to confirm that your service provider offers security measures that can help prevent domain hijacking as well as unauthorized changes and deletions of the business-critical domain names. Once your business-critical domains are secure, it’s important to grasp the various types of attacks and how they could affect clients (for example, bank details, client addresses, and personal details), so you can properly communicate how to proceed in the event of an attack.
Marketing
It doesn’t matter whether your company’s online presence is informational or used for trading (eCommerce): the threats are real and can cost your business millions of dollars or result in an irreversible public relations crisis. To defend against attacks, you must start by understanding your company’s digital assets: How many domain names does your company own, are they all active, and do some only exist for defensive reasons? How many social media handles do you have, and who takes ownership?
When you know what your portfolio looks like, you can then look into cost-effective security measures for the business-critical domains your company owns. Once those sites are secure, it’s time to get a handle on the different types of attacks, like phishing. Reassure your clients that your company would never ask for personal information over email.
For further information, please contact:
Henry Chan, Corporation Service Company® (CSC®)
henry.chan@cscglobal.com
Ruby Pang, Corporation Service Company® (CSC®)
ruby.pang@cscglobal.com