Connect with us

Security

Using Cyber Security As A Competitive Advantage

Published

on

Do you always wonder why your information technology person drones on and on about cybersecurity while you’re just hoping they don’t notice your eyes starting to glaze over?

As the president of an IT firm, I’ve witnessed this firsthand. But don’t worry, I’ve developed a breakdown of what leaders need to know when it comes to cybersecurity and how you can use it as a real competitive advantage:

Productivity: Many small-business owners, in my experience, envision cybersecurity as “nice to have” in comparison to a must. But cybersecurity should be thought of as a form of business continuity. This gives you the upper-hand when it comes to production. Prepare for hackers with fail-safes, like image-based backups, to set your company up for disaster recovery and misbehaving employees.

Public relations: Not having a real cybersecurity framework can also turn into a PR business killer. Let’s look at this through the eyes of a small-business-level company: Think about how others would perceive your lack of care for their data. To use your cybersecurity as a competitive advantage when it comes to public relations, show your clients how seriously you take the security of their data. And if your competitors’ clients start leaving because of a breach on their end, you will be ready for them.

Gaining and retaining employees: Cybersecurity can help you lock down your most important information not only from evil-doers but also from competitors. For example, if a salesperson leaves your organization and joins a competitor’s, they might try to take your company’s intellectual property along with them. To avoid this, you can implement IT policies, software and configurations. Even if you try to enforce a non-disclosure agreement, having these types of components in place can help supply proof if (or when) malicious activity has occurred.

Getting Started With A Base Framework

As a business leader, it is your responsibility to think about the future, but cybersecurity is changing faster than summer blowing through Chicago. The question has become, “How do you stay ahead of the next wave?” I recommend you start with a base framework.

Start by shoring up the protection for your edge, email and endpoints. When someone wants to add something malicious to your system, they are generally coming in through one of those ways. Ask your IT provider what they are doing to protect each of those areas.

To make their answers a little more palpable, there are a few things you can ask about specifically. For the edge, for example, you might ask about next-generation firewalls or universal threat management devices. And for your endpoints, you can ask for solutions beyond just antivirus software, such as deep learning.

With email, you want tools in place that allow for spam filtering and click protection. Even more importantly, inquire about training for your users. Corporate-sponsored or internal phishing attacks are one example. These attacks allow your company to test its users’ ability to spot a phishing email without being really attacked.

After you have your ports of entry secure, you should also have a business continuity and disaster recovery plan in place. It’s imperative for every business to have the ability to reverse time (at least in regards to its data). If you don’t have a way to turn back the clock on your entire system quickly and easily, you are just asking to burn money.

To ensure you are not in the burning-money category, consider using an image-based backup that takes hourly snapshots of your system and backs up in two completely separate locations with a different operating system than the one you use every day. A number of companies, my own included, provide this type of service. Viruses spread using the same operating system, so having a different one back up your system is another layer of protection. The devil is in the details, and the details are your people’s time. A backup as described can have you up and working in an hour, whereas a traditional backup would take you at least a week to get your people working again.

Preparing For Challenges Along The Way

However, there are challenges to consider when you implement cybersecurity systems into your company. For example, does your system adhere to compliance laws? Your business might not be under any compliance laws yet, but I believe it’s only a matter of time until it will be.

The General Data Protection Regulation from the EU has already caused a stir in the U.S. In fact, Arizona has already adopted a similar compliance law, and California’s consumer privacy act will go into effect in January 2020, according to CNBC. Considering Arizona’s law includes fines up to $500,000, it could be wise to get out in front of these changes to the law.

Doing so allows you to become the receptacle for all the clients who no longer have a provider because your competitors have been fined to death. Start looking at the National Insititute of Standards and Technology Cybersecurity Framework as your advance cybersecurity framework. Compliancy laws will model themselves after this. This standard defines how to protect the access to your data at rest and in motion.

Final Thoughts

A company’s competitive advantage comes from realizing the time gained for its employees in comparison to the capital investment in cybersecurity. This lines ups with one of my favorite old adages, “An ounce of prevention beats a pound of cure.” The companies I have seen be successful in this area know cybersecurity is not a “nice to have” but as a must.

Additionally, when budgeting IT infrastructure and cybersecurity, they should be seen as two separate line items. It is true they work together for your business, but IT infrastructure is for operating and cybersecurity is for protecting. They have completely different goals like gas and brake pedals.

Source: https://www.forbes.com/sites/forbesbusinesscouncil/2019/10/09/using-cyber-security-as-a-competitive-advantage/#6559ad827ff7

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Firm introduces new cyberthreat detection service

Published

on

By

Sophos, a global leader in network and endpoint security, has announced the availability of a fully managed threat hunting, detection and response service, called Sophos Managed Threat Response.

The firm said the re-sellable service would provide organisations with a dedicated 24/7 security team to neutralise the most sophisticated and complex threats.

According to a statement, these threats include active attackers leveraging fileless attacks and administrator tools such as PowerShell to escalate privileges, exfiltrate data and spread laterally.

“Attacks like these are difficult to detect since they involve an active adversary using legitimate tools for nefarious purposes, and Sophos MTR helps eliminate this threat,” it said.

The Chief Technology Officer at Sophos, Joe Levy, said cybercriminals were adapting their methods and increasingly launching hybrid attacks that combined automation with interactive human ingenuity to more effectively evade detection.

He said, “Once they gain a foothold, they’ll employ ‘living off the land’ techniques and other deceptive methods requiring human interaction to discover and disrupt their attacks.

“For the most part, other managed detection and response services simply notify customers of potential threats and then leave it up to them to manage things from there.

“Sophos MTR not only augments internal teams with additional threat intelligence, unparalleled product expertise, and round-the-clock coverage, but also gives customers the option of having a highly trained team of response experts take targeted actions on their behalf to neutralise even the most sophisticated threats.”

Source:
https://punchng.com/firm-introduces-new-cyberthreat-detection-service/

Continue Reading

Security

Google now treats iPhones as physical security keys

Published

on

By

The latest update to Google’s Smart Lock app on iOS means you can now use your iPhone as a physical 2FA security key for logging into Google’s first-party services in Chrome. Once it’s set up, attempting to log in to a Google service on, say, a laptop, will generate a push notification on your nearby iPhone. You’ll then need to unlock your Bluetooth-enabled iPhone and tap a button in Google’s app to authenticate before the login process on your laptop completes. The news was first reported by 9to5Google.

Two-factor authentication is one of the most important steps you can take to secure your online accounts, and provides an additional layer of security beyond a standard username and password. Physical security keys are much more secure than the six digit codes that are in common use today, since these codes can be intercepted almost as easily as passwords themselves. Google already lets you use your Android phone as a physical security key, and now that the functionality is available on iOS it means that anyone with a smartphone now owns a security key without having to buy a dedicated device.

Attempting to log in to a Google service will send a push notification to your phone over Bluetooth.

The new process is similar to the existing Google Prompt functionality, but the key difference is that Smart Lock app works over Bluetooth, rather than connecting via the internet. That means your phone will have to be in relatively close proximity to your laptop for the authentication to work, which provides another layer of security. However, the app itself doesn’t ask for any biometric authentication — if your phone is already unlocked then a nearby attacker could theoretically open the app and authenticate the login attempt.

According to one cryptogopher working at Google, the new functionality makes use of the iPhone processor’s Secure Enclave, which is used to securely store the device’s private keys. The feature was first introduced with the iPhone 5S, and Google’s app says that it requires iOS 10 or later to function.

The new iPhone support appears to be limited to authenticating Google logins from the Chrome browser. When we attempted to use an iPhone to authenticate a login of the same service (we tested with Gmail) using Safari on a MacBook, we were prompted to insert our key fob (which we don’t have), meaning it created an extra step in our login process where we had to pick an alternative 2FA option.

Source:
https://www.theverge.com/2020/1/15/21066768/google-iphone-ios-security-key-2-factor-authentication

Continue Reading

Security

Samsung made a fingerprint-secured portable SSD

Published

on

By

Portable SSDs have become quite popular lately but only a handful of them offer proper security so Samsung is taking matters into its own hands by introducing the T7 Touch with fingerprint reader identification. This way you can rest assured that your sensitive data is safe even if you misplace the actual drive.

Samsung made a fingerprint-secured portable SSD

The T7 Touch succeeds the T5 from last year by offering a capacitive fingerprint scanner and AES 256-bit hardware encryption and password for added security. Moreover, the T7 Touch boasts about 1 GB/s read and 1 GB/s read speeds, which is almost twice as fast as its predecessor.

Connectivity options include USB-C to USB-C and USB-C to USB-A while the connector of the device supports 10Gbps speeds over USB 3.2 (Gen 2).

The T7 Touch comes in three flavors – 500GB for $129, 1TB for $229 and 2TB for $399 with planned availability this month. The available paint jobs of the titanium case are black and silver and the whole thing weighs just 58 grams.

Source:
https://www.gsmarena.com/samsung_made_a_fingerprintsecured_portable_ssd-news-40949.php

Continue Reading
Advertisement

Trending

%d bloggers like this: