October 2014: It’s not a contest you want to win — which retail company can put the most customers at risk? The Home Depot is now leading the pack with its recent 56-million card breach. This tops Target’s 40-million card breach and all other runners-up, including Neiman Marcus, Supervalu and P.F. Chang’s.
Are there more breaches now because criminals are smarter? Is old technology making data more vulnerable? Are some companies asleep at the wheel? Yes, yes and yes. Learn from their mistakes! Here are three ways.
The bottom line. Yesterday’s security isn’t good enough. Each new breach should look like a flashing neon sign to any business that isn’t being more proactive about security this year than it was last year.
Try thinking of your company as a country with borders to protect. It doesn’t matter how big your company is; what matters is that you check the passport of everyone who comes in and out, even if they’re just visiting.
This means your company needs the right tools, practices and corporate mindset to be successful in today’s hacker environment. These three tools will boost your security immensely.
1. Encrypt your data while it’s at rest and in transit.
Data that’s at rest in a database, on a disk or on another form of media needs to be encrypted so it can’t be read by anyone who doesn’t have the key (typically usernames and passwords). The more encryption levels the better — and the less sensitive data that you store in the first place, the better too! Keys should be updated regularly and stored in a separate place.
Data that’s in transit needs equal protection. Symmetric key algorithms use basically the same key to decrypt the information on either side of the data transfer. Asymmetric key algorithms use one key to lock the data and another one to unlock it. Asymmetric is safer.
2. Keep long-term logs of activities on your network.
Constantly monitoring your network activity to spot anomalies and regularly auditing your sensitive data are critical, and hopefully you’re already doing both. But if you’re not also keeping long-term logs that let you quickly analyze a variety of potential issues based on specific criteria, you’re falling short and could be missing important dots to connect. Without the ability to connect the dots, your system can be more easily compromised by skilled remote attackers, and if your IT team doesn’t know what to look for, it may never know about it.
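To show why the retention period matters, here is an added example (not from the original article) that runs the same query over a constructed 90-day authentication log with different retention windows. The log format, the addresses, the function names and the choice of anomaly (one source failing logins against many different accounts, a few days apart) are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed auth log: 90 days starting 2014-07-01 (not real data)."""
    start = datetime(2014, 7, 1)
    lines = []
    # One source fails a login against a different account every third day.
    for day in range(0, 90, 3):
        ts = start + timedelta(days=day, hours=2)
        lines.append(f"{ts.isoformat()} auth FAIL user=acct{day:02d} src=203.0.113.7")
    # An ordinary user mistypes a password a few times.
    for day in (5, 40, 41):
        ts = start + timedelta(days=day, hours=9)
        lines.append(f"{ts.isoformat()} auth FAIL user=alice src=198.51.100.20")
    return sorted(lines)


def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, _service, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])


def slow_sprayers(lines, now, retention_days, min_accounts=10):
    """Sources with failed logins against at least min_accounts distinct
    accounts, using only the events a given retention period still holds."""
    cutoff = now - timedelta(days=retention_days)
    targets = defaultdict(set)
    for line in lines:
        ts, result, user, src = parse(line)
        if ts >= cutoff and result == "FAIL":
            targets[src].add(user)
    return {src: len(users) for src, users in targets.items()
            if len(users) >= min_accounts}


if __name__ == "__main__":
    log = build_sample_log()
    now = datetime(2014, 10, 1)
    for days in (7, 30, 92):
        print(days, "days retained ->", slow_sprayers(log, now, days))
```

With 7 or 30 days of history the slow source stays under the threshold and nothing is reported; only the 92-day window holds enough events to link the failures to one source.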
3. Use multi-factor authentication (please!).
While many enterprises have hopped on the multi-factor authentication bandwagon, small businesses have been slow to adapt. Adding layers of authentication is one of the most effective ways to keep the bad guys out. Plus, it’s not that difficult. And contrary to what might seem logical — that small businesses don’t have to worry because hackers are focused on big-company/big-payoff targets — small businesses will actually become even more vulnerable as larger ones cover their bases and shrink the overall target pie.