'Best of Cybersecurity' Articles: 2018 Recap
As we wrap up 2018 and start looking forward to 2019, we thought it would be helpful to share some of our favorite cybersecurity articles from this year!
You may also want to check out our online Cybersecurity Information Center, three new whitepapers and a series of educational webinars.
Now is the perfect time for firms to reflect on what’s often classed as a key contributing factor to cyber breaches – their employees. We hate to admit it, but human error tends to be the weakest link of any defense practices firms have in place. The IBM X-Force Threat Intelligence Index 2017 advises that simply having the right technology is not enough to ensure protection from threats we’ve seen grow in frequency and sophistication of late. Reputable airline British Airways is one of many businesses to fall victim to a reputation-damaging data breach in 2018, compromising the personal and financial details of approximately 380,000 customers.
Read more on how to build a strong human firewall for your firm here.
Mitigating technology risk is a critical step to ensuring your firm operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:
Layers of Redundancy
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.
See more on how to mitigate technology risk for your firm here.
All too often we hear from firms before an IT and cybersecurity audit asking what they can do to make the audit process go as smoothly as possible. Fortunately, there are steps you can take to ensure a stress-free audit. In this two-part blog series, we will help you create a checklist to prepare for your audit and also remediate the findings post-audit.
Read the 12 steps on how to prepare for an upcoming tech & cyber audit here.
An often overlooked but critical component of disaster recovery (DR) solutions is testing. If regular testing is a critical component of an effective DR solution, why do many firms fail to test? The most common reasons include:
- a lack of time to commit to DR testing;
- a lack of understanding as to how to go about testing their solutions;
- and a belief that testing could hinder normal business operations, and is therefore too risky for the firm.
Click here to see some FAQs on DR testing, including common questions we hear from our clients.
#5: What is the Difference Between a Written Information Security Plan and a Business Continuity Plan?
There is no doubt that in today's world, data security and privacy are hot topics. With the upcoming General Data Protection Regulation (GDPR) in the EU and cybersecurity constantly in the headlines, investment firms regularly face scrutiny and questions from investors on what measures they take to secure their data. While most organizations have a formal cybersecurity posture, it is also crucial to have a Written Information Security Plan, also known as a WISP, and a Business Continuity Plan, also known as a BCP. While these are both formal plans to protect your organization, many firms confuse the two.
Continue reading to understand the difference between a written information security plan and a business continuity plan.
From a personal perspective, there are a variety of reasons that individuals update applications on their personal devices (think mobile phone or iPad). For example, with social media applications, drivers to update include new features, faster load times, and bug fixes. But from a business perspective, it is imperative to keep applications up to date on your devices.
Here's our take on the benefits of keeping applications up to date, why it's crucial from a security perspective, and some of the potential risks of legacy applications.