6 Steps to Address and Prepare for Security and Compliance Concerns

In a recent article by Anthony Munns and Lawrence Newell in the St. Louis Business Journal, cyber-attacks are described as a “matter of ‘when’ not ‘if’”.  A few recent security breaches at local businesses in our hometown of St. Louis have brought this topic front and center. Have questions or concerns about your organization’s security and compliance? Contact us today and keep reading to learn more.

Six steps to address cybersecurity

1. Evaluate data. Aside from credit card data, there are other actions hackers may take such as a denial of service attacks which can quickly bring down entire websites. The variety of threats is constantly changing and it is important to step back and evaluate any data that may be at risk.
2. Identify where that data is located. It’s important to understand how data is processed and transmitted. Appropriate security measures and protocols have to be put in place to reduce unauthorized access or other potential threats.
3. External and internal penetration testing. This is becoming increasingly important to reduce potential risks. This is a form of “ethical hacking” that helps determine potential vulnerabilities by the “good guys” going in and trying to crack through the system.
4. Train your team. Raise awareness and provide periodic training to employees. This should help reduce employees becoming victims of phishing attacks which can rapidly spread throughout an organization’s network.
5. Have insurance. Look into cyber risk insurance which may be appropriate in some cases
6. Have a plan of action. If a security breach does occur, be prepared to respond quickly. According to the article, there are studies that show that there’s a close relationship between the time it takes to contain an attack and the costs involved in doing so.  Ensuring you have an incidence plan in advance can not save some costs, but can potentially save the entire organization.

Cybersecurity at Connectria

I sat down with Steve Gryzbinski, Connectria Director of Security. He gave me a quick overview of Connectria’s security and compliance measures and policies:

“Connectria excels in assisting customers on the road to addressing security and compliance. We work with all customers to determine the unique level of protection that is needed for their environments, from assisting in protecting from DDoS attacks to managing an IDS.  We have a knowledgeable staff to help in understanding the risk associated with maintaining private data and to be able to wrap the proper controls and safeguards around the systems that host the data.  In addition to assisting with implementing systems that protect a customer’s data, we will work with third-party vendors to make sure that all compliance needs are met and implemented.  Finally, Connectria maintains a formal and documented Incident Response Plan for handling security incidents that address incident management responsibilities, evidence preservation, and chain-of-custody procedures including customer notification procedures.”

Connectria provides a 100 percent secure guarantee on all managed hosting plans. A plan like this may have saved our local businesses the huge financial hit associated with the cost, along with angry customers and a damaged reputation. Does your organization have a response plan?