Research shows that it takes only a few days to breach a business’s data, but businesses discover less than 25 percent of those breaches in the same amount of time.1 Companies often feel the impact of a security breach far beyond lost revenue; a breach can result in blows to their reputation, customer satisfaction and sense of safety in the aftermath.
Applying proactive measures can help prevent costly security breaches, which security technology company McAfee estimates result in more than $400 billion in losses to the global economy each year.2
Here are five of the industry’s best practices to help your cybersecurity team work efficiently and successfully within your company:
1. Build a dialogue around cybersecurity from the top
Security discussions should start with the C-level executives at your company and work down, says Brian O’Hara, senior security consultant at Rook Security. Similarly, cybersecurity should have a place at the table during large project discussions to ensure managers keep security top of mind.
2. Separate the chief information security officer duties from the chief information officer role
Often, the role of a chief information security officer is lumped into the chief information officer’s duties and is then overlooked. To best organize your security department, the two should be separate. “Ideally, have the security officer role not report within IT,” says Manoj Garg, a consulting chief information officer and managing partner of Virtual Information Executives.
3. Provide your team members with access to outside resources
Make sure your department has points of contact with outside organizations, such as the Information Systems Security Association and InfraGard, to get reliable information in case of a problem. These resources can provide you with up-to-date information in the event of a dangerous breach and teach you what to look for to prevent cyber attacks.
4. Invest in human solutions, not software solutions
A quarter of all security incidents in 2013 were the result of human errors, according to Verizon’s 2014 Data Breach Investigations Report. And while only 2 percent of the incidents resulted in actual breaches, human mistakes are among the most straightforward security problems to solve.
“It’s really about what’s between our ears, not the box you can buy,” O’Hara says. Routine business processes are particularly prone to errors. Sending emails with documents to the wrong address, for example, could expose sensitive information, and failing to apply a WordPress patch or software update could leave a website vulnerable.
5. Consider using an outside firm to monitor alerts
Similarly, costly security and detection systems are useless if your team doesn’t know how to use them properly. Garg recommends implementing multiple layers of security, such as firewalls and antivirus systems, as well as working with an outside firm to filter through the flood of alerts that security monitoring systems produce.
“Doing this right requires a very high degree of expertise, and one should leave this to the experts,” he says. They can filter the critical alerts from the low-risk ones, freeing up your team to focus on big-picture projects and solutions.
There’s no one-size-fits-all cybersecurity solution, but understanding your business’s needs—and restructuring accordingly—is an important first step in making sure your IT department is prepared for anything.