6 Steps Toward A Solid Cyber Security Game Plan
The HBO hack is terrible for several reasons. It involves Game of Thrones leaks, confidential information, and a huge ransom. If you are thinking: “But the criminals are only coming after the big guys,” think again. Small businesses can suffer from the same kind of threat. In fact, it is even costlier for them to recover. It is unfortunate that about 60% of those affected go out of business within six months of the attack.
The cable network’s dilemma serves as a timely reminder for smaller enterprises. No one gets spared when cyberwar is waged. Still, you can build an offensive, not just defensive, strategy against the hackers. Here are six steps toward ensuring your cyber security game plan is solid.
Protect the source code
If you are the software architect, you may feel protective about your creation. If you are the owner or founder of the startup, whether you are the developer or not, it is your duty to protect the source code with all you’ve got. Sometimes, intellectual property concerns can get in the way of sealing a deal with a licensee. The end user wants a copy of the raw code as a product guarantee should you go out of business. On the other hand, you want to ensure that it does not come out prematurely or fall into the wrong hands.
If a compromise is necessary, you can opt to use a source code escrow. Essentially, the client will request you to deposit the source materials with a third party. The escrow agent will only release them to the licensee when an agreed event occurs.
Implement a single sign-on service
Do you have several software-as-a-service (SaaS) subscriptions? Do you and your employees get a user account for each service, e.g. email, messaging, and CRM? The single sign-on (SSO) service eliminates the need to maintain multiple user IDs and passwords. It lets you sign in on the main portal, which then lets you access all the applications you have connected to it. Think of it as a gateway in which you only need one set of login credentials to enter.
With this solution, you can create a master password and set up authentication processes to mitigate security risks. For teams that require members to collaborate on an app, it is also possible to make software access universal, thereby reducing your expenses on individual licensing. Savings can go up to 30%, Avatier reports.
Install VPN on devices
While we are talking about saving on SaaS licensing costs, you can channel the money to a virtual private network (VPN) instead. A VPN is particularly useful for remote workers who may have to connect to public networks, such as cafe or airport Wi-Fi. Of course, it is not hard to imagine how sensitive data can get compromised in such locations. A VPN allows users to connect to a private network while retrieving or sending files outside your HQ or data center, an environment that is not safe and secure as far as your tech team is concerned.
Prevent DDoS attacks from happening
First, determine how a distributed denial of service (DDoS) attack will affect your business. Create a strategy based on the severity of the risk. Talking to the right people matters a lot here. Get the lowdown from your tech team and hosting provider. Based on what’s happening around the world, you have an idea of what to expect from your vendor at the very least.
Monitor and manage
Monitor and manage application usage. Deploy intrusion detection and authentication systems. Take the time to secure your physical location as well. This Paessler paper enumerates three things you need to do to solidify your monitoring and management approach:
- monitor the actual security systems,
- identify unusual occurrences, and
- check environmental parameters.
Train and engage employees
Your company is as strong as your IT team. Even if your strength is in operations or marketing, give them your full support. Understand what they need. Listen to their ideas and opinions. Make sure to equip them with the ability to use existing data to their advantage. And let them share their knowledge with the rest of the company through coworker training and engagement. When it comes to cyber security, your motto should be “We’re all in this together.”