According to a February 2013 report released by the U.S. Director of National Intelligence, Chinese hackers are engaged in a massive, ongoing cyber-espionage campaign targeting U.S. companies. The systematic campaign targets nearly every sector of the U.S. economy, from aerospace and automotive to finance, energy, media and technology—even breaking into the New York Times and Wall Street Journal. Estimated losses are tens of billions of dollars in compromised intellectual property.
Other countries’ cyber-espionage programs cited in the report—France, Russia and Israel, among others—are less widespread but just as dangerous, and all for economic gain. American intellectual property and business secrets—perhaps yours—are worth billions of dollars.
Sunstates president Glenn Burrell says, “This is not a plot from an action-thriller film; it is real and happening right now.”
Is your company doing all it can to prevent cyber-attacks and protect valuable assets? Burrell offers the following best practices to enhance your security.
Best Practices for Cyber-Defense
- Assess network infrastructure and identify risks. Organizations must assess their network infrastructure and make sure that their IT staff has management's support to build a successful security program. Then, they need to establish a system for identifying and analyzing security risks.
- Create and document cyber-security policies. Companies need to identify every segment of their infrastructure and place everything under the governance of their security policy. Look for vulnerable or unprotected devices or access points, and define the process by which these vulnerabilities are to be removed or brought into compliance.
- Implement and test firewalls. Firewalls are the first line of defense in any network. Although they are now common practice and should not be overlooked, they are not always sufficient, particularly for laptops, which may have outdated anti-virus software or firewalls.
- Secure remote access with strong authentication techniques and quarantine technology that identifies vulnerable remote devices.
- Control access to high-level risk points such as servers, back-ups and administration systems with stringent security policies.
- Establish password policies that make passwords harder to break. Mandatory password resets and password requirements, such as using both upper- and lower-case characters, special characters, numbers and a minimum length, are all techniques that increase password security. The majority of hacked passwords consist of names, birthdays and the other things that most people use as their passwords. Cyber-security audits still routinely find computers with passwords taped to the underside of keyboards, a practice that should be strictly forbidden by any security-conscious organization.
- Conduct annual third-party security audits. Audits can identify hidden or overlooked vulnerabilities in an organization’s infrastructure. Companies should not wait to be attacked before performing a security audit. Auditors have the resources to test—and strengthen—an organization’s cyber-defenses.
For assistance with your cyber-security needs, contact Sunstates Security today. Our specialists can help you develop a security plan tailored to your unique situation.