Best Practices for Enterprise Security
Cyberattacks and data breaches are running rampant in enterprises, causing havoc and interrupting business operations. These nuisances are the last thing an organization wants to experience and can cause long-lasting damage to client relations, company reputation, financial standing and more. In the past 12 months more than 80% of enterprises have experienced a data breach – a new all-time high.
There is no doubt these attacks are happening thanks to advances in technology that are creating new paths for threat actors to gain access to an enterprise’s networks. To minimize the likelihood of experiencing an attack or breach, and to put up the best security defenses, it is recommended that enterprises follow these five best practices:
Enlist fully encrypted communications
Not all enterprises are created equal – some have robust security protections and networks while others are outdated or weak against new-age technology like AI. While 77% of companies worldwide are using or exploring the use of AI in their operations (according to McKinsey), an EY 2024 study found 78% of people reported concerns over AI causing an increase in cyberattacks. The best way to protect an enterprise today is to deploy the strongest encryption standards. This will protect sensitive data while it is in transit and at rest. When information is encrypted, it is turned into ciphertext that can’t be read or used without the proper encryption key, rendering it completely useless to the bad actors who gain access to it. Using encryption, enterprises can ensure private information doesn’t land in the hands of unauthorized users.
Eliminate data collection
In a new era where vulnerability exploitation tripled in the last year, protecting data, the one thing attackers are after, is essential. In short, hackers aren’t attracted to systems that don’t have data stored on them. Therefore, one of the best ways to minimize an enterprise’s risk of a cyberattack is to eliminate data collection. Make sure software and applications being used throughout the organization are not collecting and storing data on network devices. Storing data in the cloud can oftentimes be a safer route than storing data on individual devices.
Protect BYOD Practices
Following the pandemic, many enterprises adopted Bring Your Own Device practices to allow employees to work remotely. Although BYOD allows for more efficient operations, the practice lends itself to threats such as data theft, malware and lost or stolen devices. In 2022, 43% of employees experienced work-related phishing attacks on their personal devices. Therefore, it is critically important that in allowing BYOD practices, IT leaders define what corporate data and assets are permitted on a BYOD device as well as which applications and software can be used when connected to company networks. Additionally, these devices must be equipped with end-to-end encryption protections to prevent third parties from accessing data while it’s transferred from one device to another.
Enforce Cybersecurity Training
A study found that 74% of data breaches involved the human element, meaning employees are often the epicenter of data breaches. The best way to mitigate this factor is to build a strong security culture. To do this, CISOs and IT leaders should enforce regular cybersecurity training that educates employees on the latest threats facing their organization. Employees should know how to identify a potential attack, how to report it to leadership and what to do if they fall victim to a hack. CEO’s
Remain compliant
Compliance standards and regulations are something every enterprise must abide by, and there’s a whole alphabet soup of industry-specific compliance regulations to be mindful of, such as HIPAA, GDPR, FINRA and JCI. As these sets of standards evolve each year to adapt to the current threat landscape, enterprises have a responsibility to remain up to date with the latest compliance standards. Oftentimes, compliance violations occur following the sharing of unauthorized information on unsecure messaging platforms. These violations could be detrimental to a company’s financial status, client relationships and reputation.
These days, business leaders are aware of the growing frequency of data breaches and cyberattacks and are concerned that they aren’t prepared enough to handle such situations. It is a team effort to secure an entire organization, but with these kinds of practices and defenses in place, the risk should be far lower.
About the Author
Anurag Lal is the President and CEO of NetSfere. With more than 25 years of experience in technology, cybersecurity, ransomware, broadband and mobile security services, Anurag leads a team of talented innovators who are creating secure and trusted enterprise-grade workplace communication technology to equip the enterprise with world-class secure communication solutions. Lal is an expert on global cybersecurity innovations, policies, and risks.
Previously Lal was appointed by the Obama administration to serve as Director of the U.S. National Broadband Task Force. His resume includes time at Meru, iPass, British Telecom and Sprint in leadership positions. Lal has received various industry accolades including recognition by the Wireless Broadband Industry Alliance in the U.K. Lal holds a B.A. in Economics from Delhi University and is based in Washington, D.C. Anurag can be reached online at @anuragl and https://www.netsfere.com/.