The nature of information security is that it is ever evolving. As we become more technologically advanced, new challenges present themselves. The key is to never become complacent, and always keep an eye out for advancements that can protect you, your team and your clients.
Regulatory compliance moves at a pace that attempts to keep up with risks that develop over time, but ultimately, you want a CISO who is agile and responsive. Below, we have listed the top five lessons we learned in 2017 about virtual regulatory compliance and information security.
5) You cannot always rely on big companies to perform the necessary updates to security measures, or react to them appropriately.
While everyone has likely heard of the security failure of Equifax where millions were affected, who knows what the root cause of the problem was?
It boils down to a series of mistakes that put the company, and its clients, at risk. Number one, they were informed of a vulnerability in their system and given a patch to fix it. This patch, however useful, was not put in place in a timely manner. In addition to this lack of attention to time, they reportedly discovered the breach in May and neglected to inform the public of it until late June.
Continuing the series of unfortunate events, when the company set up a website where users could determine whether their records had been affected, it actually publicly listed an incorrect website. This led dozens of concerned people to potentially release their personal information to another, disreputable source.
4) No industry that handles sensitive information is immune to cyber attacks.
Equifax captured the attention of millions with the infamous data breach that happened earlier this year, but who paid attention to Forever21, Sonic or Uber? These companies were affected in very different ways, but the takeaway is the same: no company is safe from the threat of a data breach.
While pondering the events that led to each incident in this year’s saga, it makes you wonder: how often did they perform a risk management assessment? What simple steps could they have taken to prevent this loss of reputation?
3) Offices remain largely unaware of the risks their daily activities pose to their company’s security levels.
Three behaviors that put the cyber safety of employees and their colleagues at risk are, unsurprisingly, related to passwords:
- 41% of online adults have shared the password to one of their online accounts with a friend or family member.
- 39% say that they use the same (or very similar) passwords for many of their online accounts.
- 25% admit that they often use passwords that are less secure than they’d like, because simpler passwords are easier to remember than more complex ones.
Other risky cyber security behaviors include emailing passwords, opening emails from unknown sources, using unsecured wireless connections when traveling, and emailing confidential client information within the organization.
2) Malware and Phishing scams are still a prevalent problem, and are becoming smarter.
This year, Trojan downloaders were sent out in ZIP files that, once uncompressed, immediately allowed other malware programs to download onto the victim’s computer. These emails came in the form of fake notifications, like what you would typically see when an email fails to send, or were presented through links to fake tracking information.
With steps like these, it’s easy to catch people unaware and accidentally invite a malicious program onto your computer.
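The attachment pattern described above (a ZIP that carries a script or executable dressed up as a delivery-failure notice or tracking document) is something a mail gateway or incident responder can check for before a user ever opens it. The following is an added example, not code from the original post; it inspects a ZIP in memory and flags members that have an executable extension (including double-extension names such as `Invoice.pdf.js`) or that start with the Windows PE `MZ` header despite a harmless-looking name. The extension list, the sample ZIP contents and the `quarantine`/`deliver` verdicts are constructed assumptions for this example.

```python
import io
import zipfile

# Extensions commonly used to carry a downloader stage; this list is an assumption
# for the example and should be tuned to the organisation's own policy.
EXECUTABLE_SUFFIXES = (
    ".exe", ".scr", ".dll", ".js", ".jse", ".vbs", ".vbe",
    ".wsf", ".bat", ".cmd", ".ps1", ".lnk", ".hta",
)
MZ_MAGIC = b"MZ"  # first two bytes of a Windows PE executable


def suspicious_members(zip_bytes):
    """Return a list of (member_name, reason) for members that look like executable payloads.

    Two checks are applied to every file inside the archive:
      1. the name ends in an executable or script extension (catches "report.pdf.js");
      2. the content begins with the PE "MZ" header even though the name does not
         look executable (catches a renamed .exe).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append((name, "executable extension"))
                continue
            with zf.open(info) as member:
                head = member.read(len(MZ_MAGIC))
            if head == MZ_MAGIC:
                findings.append((name, "PE header despite non-executable name"))
    return findings


def classify_attachment(zip_bytes):
    """Return ("quarantine", findings) if any member is suspicious, else ("deliver", [])."""
    findings = suspicious_members(zip_bytes)
    verdict = "quarantine" if findings else "deliver"
    return verdict, findings


def build_sample_zip(members):
    """Build an in-memory ZIP from a {name: bytes} mapping (used only to construct test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample attachment mimicking a fake "undelivered message" notice.
# The payload bytes are placeholders, not real malware.
SAMPLE_ZIP = build_sample_zip({
    "Undelivered_Message.txt": b"Your message could not be delivered.",
    "Undelivered_Message.pdf.js": b"// constructed placeholder, not a real script",
    "tracking.pdf": b"MZ\x90\x00constructed placeholder bytes",
})

if __name__ == "__main__":
    verdict, hits = classify_attachment(SAMPLE_ZIP)
    print(verdict)
    for name, reason in hits:
        print(f"  {name}: {reason}")
```

Run on the constructed sample, the function returns `quarantine` with two findings: the double-extension script and the PDF-named file whose bytes begin with `MZ`. Checking content as well as name matters because attackers rename payloads freely; checking name as well as content matters because script files (`.js`, `.vbs`) have no magic bytes to match.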
1) While technology is becoming more advanced, it does not remain infallible.
This one is kind of more funny than dangerous, but it does relate to how securely you’re able to keep your data. With the advent of the fingerprint scan, it was quickly incorporated into everyday use. Many apps, from banking to entertainment to organizational tools, can use it to verify your identity.
This was great, and people had fun discovering what other items could act as a “fingerprint” (e.g. a cat’s paw, the tip of a nose), and discovered that certain factors would prevent the button from reading your fingerprint (greasy fingers, dirty screen…).
Then came the iPhone X. Instead of a fingerprint, it uses facial recognition software to provide a similar service. Two issues immediately present themselves when discussing this development. The first is that the facial recognition doesn’t work in low light; the second is that many people inadvertently unlock their phones when looking down at the locked screen. The former is a minor inconvenience; the latter can lead to some embarrassing circumstances depending on the user.
Do you have anything you’d like to add to the list? Would you like to have your company tested for information security risks? We would like to hear from you.