Small and medium businesses without trained IT staff can find it hard to manage their cyber security. Products and services are becoming more customized, new updates are released and compliance requirements become broader. Organizations that rely on vendors and third parties to manage their exposures must be aware of problems before their systems fail.
According to Winquest Enterprise Management Systems, there are four symptoms that cyber security is failing:
- Users can routinely access privileged activities. Access to critical data and functions should be restricted. Users should need multi-factor authentication for access, or be allowed only temporary access for a limited time. Organizations that fail to limit access are more vulnerable to phishing scams and other tactics hackers use to gain unauthorized access.
- IT vendors do not provide product updates or security patches. Cyber security requirements are a moving target as threats, compliance requirements and regulations change. When choosing a vendor, make sure they are committed to regular updates and will install all new patches as soon as practicable.
- There is no incident response plan. It cannot be emphasized too much: failing to plan is planning to fail. While data breaches can be detected sooner (in 2007 the TJX breach took 18 months to detect; ten years later the Equifax breach was detected in less than three months), organizations need constant monitoring for threats and prompt response to minimize loss.
- There is no backup for critical information. Businesses need real time, accurate information to operate. If they do not have backup at a secure location they will not be able to resume normal operations quickly. In extreme cases this can lead to business failure.
While cyber insurance, including business interruption coverage, can minimize loss from a data breach, it is not a substitute for having security that will mitigate, if not prevent, a breach.