What do you do when you leave your house, park your car, or close your office? You ensure they are locked and you may enable an alarm system. Why take such precautions? For protection.
Regarding your businesses computer system, what precautions have you taken to ensure its security? Could you assess the potential financial risk to continued operations if hacked?
Conventional security systems rely on firewalls, anti-virus screens and other anti-spyware software to monitor system health. They focus on incoming data transfers. How would you know if someone inside your organization was transferring data? Are you aware that there is existing technology to apply behavioral forensics and screen for anomalous computer activity? This technique works regardless of other installed security systems to quickly identify a compromised computer.
Everyone claims that cyber security ranks highly in their list of priorities, but have you fully considered the impact of a successful compromise? Where does protection of critical information for continuity of business operations rank? There are many important key functions that business leaders must accomplish. Among these are a well thought out business plan, an impeccable reputation with your customer base, a highly skilled and motivated workforce, and scrupulous adherence to laws, rules and regulations. Historically those components would be sufficient, but threats evolve. In an age fueled by instantaneous information demands through a variety of media, the loss or compromise of data, sales, or proprietary information due to a cyber attack can have disastrous consequences for business owners and managers.
Newspapers, professional journals and on-line articles contain daily examples of threats to cyber security. The Department of Defense recently established a four-star command to monitor and respond to threats to its networks and commanders’ abilities to command and control operating forces. Despite daily threats, proposed legislation to manage cyberspace use is met with significant resistance, due primarily to increased government involvement outside of its perceived authorities. The Obama Administration has addressed and researched the problem, but the fact is that the internet is simply too vast and issues of government intrusion, personal privacy, and effective oversight represent considerable obstacles to progress.
Dependency on the cyber realm as an operating space for commerce and transactions, along with voluminous data storage, exchange and transmission, combine to make a business owner’s dilemma. Large firms may have cyber protection and network security functions assigned to the information technology (IT) department. Medium and smaller companies face resource requirements that demand a different response and may depend on the leadership’s level of knowledge and proficiency alone. Regardless of size of a business, essential mitigation strategies are available. The following points are critical for business leaders and managers to consider when operating in cyberspace:
- Recognize cyber security is a strategic decision. Along with other business functions vying for manager’s time and talent, acknowledging the cyber threat as real and growing is prudent. Protecting business-critical data exchanged in networks, servers and individual client machines requires sufficient planning, resourcing and monitoring.
- Network intrusions can be detected. There are tools and software applications available to detect and thwart unauthorized attempts to breach network integrity. Enabling procurement, maintenance, and operations of these aids are essential management functions.
- Training is fundamental. Effective information assurance efforts, best practices, and compliance require workforce training. Consequences to business goals and objectives, through acts of omission, or commission should be reinforced.
- Plan to act. Identifying self-defense measures for network users and technicians when an intrusion, denial of service, compromise, or loss of information occurs is advantageous. Empowering employees to act promotes responsibility and awareness of a problem before it becomes a debilitating casualty to business processes.
- Develop a contingency restoral and operating plan. Time spent with managers and operators rehearsing, training and brainstorming a typical scenario that could jeopardize operations is an investment. An informal exercise creates ownership, challenges stakeholders to contribute to solutions, and promotes innovation to continuity of business operations not previously considered.
Conducting business with confidence in cyberspace is an acquired skill for small and medium sized companies. Indeed there are challenges; however, these are not insurmountable. Just as adequate preparation, effective training and sufficient resourcing are crucial to all aspects of business, so are a manager’s attention and prioritization of available resources – sound leadership – essential to cyber success.
As with many technological advances, cyber security continues to evolve. Computer behavioral forensics provides security from outside attack or a mole from within without constant updating and monitoring by IT personnel. When the last person leaves your business daily and the locks and alarms are set, is your computer network equally protected?
Bill Barns, MBA / Principal Analyst, and Colin Claus, MBA / Senior Analyst, are partners at Sonalysts, an employee owned company. They may be contacted at 757-490-3927. The company’s website is: www.sonalysts.com