In a recent article by Anthony Munns and Lawrence Newell in the St. Louis Business Journal, cyber attacks are described as a “matter of ‘when’ not ‘if’”. A few recent security breaches at local businesses in our hometown of St. Louis have brought this topic front and center. Six steps are mentioned for organizations to address cyber security:
- Aside from stealing credit card data, hackers may take other actions, such as denial-of-service attacks, which can quickly bring down entire websites. The variety of threats is constantly changing, and it is important to step back and evaluate any data that may be at risk.
- Identify where that data is located and how it is processed and transmitted. Appropriate security measures and protocols have to be put in place to reduce unauthorized access or other potential threats.
- External and internal penetration testing is becoming increasingly important to reduce potential risks. This is a form of “ethical hacking” which helps determine potential vulnerabilities by the “good guys” going in and trying to crack through the system.
- Raise awareness and provide periodic training to employees. This should help reduce the number of employees who become victims of phishing attacks, which can rapidly spread throughout an organization’s network.
- Look into cyber risk insurance, which may be appropriate in some cases.
- If a security breach does occur, be prepared to respond quickly. According to the article, studies show a close relationship between the time it takes to contain an attack and the costs involved in doing so. Ensuring you have an incident plan in advance can not only save some costs, but can potentially save the entire organization.
I got a chance to catch up with Steve Gryzbinski, our Director of Security. He gave me a quick overview of Connectria’s Cyber Security measures and policies:
“Connectria excels in assisting customers on the road to addressing cyber security. Connectria will work with all customers to determine the level of protection that is needed for their environments, from assisting in protecting from DDoS attacks to managing an IDS. We have a knowledgeable staff to help in understanding the risk associated with maintaining private data and to be able to wrap the proper controls and safeguards around the systems that host the data. In addition to assisting with implementing systems that protect a customer’s data, we will work with third-party vendors to make sure that all compliance needs are met and implemented. Finally, Connectria maintains a formal and documented Incident Response Plan for handling security incidents that addresses incident management responsibilities, evidence preservation, and chain-of-custody procedures including customer notification procedures.”
I have to add that Connectria has never had a large-scale security breach since its inception and provides a 100% secure guarantee on all managed hosting plans. A plan like this may have saved our local businesses the huge financial hit associated with the cost, along with angry customers and a damaged reputation.
Does your organization have a response plan?