Feature Story

Security is everyone's business

by Stephanie Chan

Security is everyone's business

Five steps companies should take to make sure every person is part of the security solution.

It seems that each new month we hear about another security breach. Big names in banking, finance, healthcare, hotel, and retailer have all been susceptible to security scandals within the last few years, and it’s clear that companies of all sizes need to implement a more comprehensive security plan. The Reputation Institute states that in the United States, a data security violation is the most detrimental scenario to the company’s reputation.

“[It’s] far more damaging than a CEO crisis, a product issue, or a massive staff turnover," writes the Reputation Institute.

So how can organizations plan for something like this? First, it should be everyone’s business to care—cybersecurity should be distributed across the enterprise, known to every employee. While not everyone may initially believe that security is their responsibility, simple steps like multi-factor authentication or companywide policy can go a long way in protecting a company. Here are five steps companies can take to make sure everyone is part of the solution:

1. Practicing cybersecurity hygiene

Cybersecurity hygiene is a set of best practices that employees and computer systems admins can take to improve their cybersecurity. Some of these practices include:

  •             Making sure routers and firewalls are configured properly
  •             Updating lists of authorized and unauthorized users
  •             Properly installing and configuring all anti-virus and anti-malware software
  •             Use strong passwords and multi-factor authentication

2. Start simple: Password security and eliminating complexity

Another way to ensure better security for your company is to eliminate complexity—SVP of Cisco’s Security Business Jeff Reed tells SDxCentral that security professionals are able to simplify their environments by using fewer products and adopting a platform approach. By having fewer and more strategic vendors, businesses can better implement their threat response.

Multi-factor authentication (MFA) is a best practice for cybersecurity hygiene, and Cisco’s 2018 acquisition of Duo Security shows the importance of MFA in today’s landscape. The MFA process asks two or more pieces of information from the user as an authentication mechanism. Duo’s two-factor authentication, endpoint remediation and secure sign-on help businesses stay safe.

3. Securing the cloud

While cloud usage is great for data storage and management, companies need to emphasize their cloud security approach. Not only do businesses need to transition to the cloud securely, they also need to protect their user’s data in the cloud.

Cisco is simplifying this process by consolidating a range of security services into one, cloud-delivered security dashboard. This solution allows companies to get better visibility and control over all protocols, even encrypted web traffic. At this year’s Partner Summit conference, Cisco announced that customers can accelerate their cloud adoption with DNS-layer security, secure web gateway, cloud-delivered firewall, interactive threat intelligence, and more.

4. What is the Zero Trust model?

Zero Trust is the idea that you should assume zero trust when someone or something requests access to various work assets. Today’s workplace includes more users, connections, and devices than ever before, so it’s crucial for companies to control their overall attack surface.

Cisco’s Zero Trust security framework creates secure access for the workforce across networks, applications, and environments. This is done by enforcing policy-based controls, giving visibility across the entire environment, and providing logs and alerts for threats. Cisco was also recently named a leader in The Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers, Q4 Report. Duo Security provides zero-trust security for workforce, tetration provides zero-trust security for workloads, and SD-Access provides zero-trust security for workplace. Read more about the report here.

5. Disaster plan: What if your company is breached?

Despite implementing best practices and the newest security platforms, companies must prepare a plan of action in case of cyberattacks. Disaster recovery and continuity plan can dramatically reduce the amount of time between breaches and restoring services. The World Economic Forum outlines four main things to keep in mind while developing a disaster plan:

  1. Define key assets: What are you protecting, and what important assets might be lost in the case of a breach?
  2. Identify recovery solutions: Outline your mitigation plans, such as data replication to a secure location
  3. Develop and communicate the plan: Determine who is responsible for enacting the plan
  4. Review and practice: Regularly review with employees and update the plan with new policies

Read Duo Security co-founder Dug Song’s thoughts on the biggest security trends and tips by clicking here.

 

###

We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.