LBMC Information Security tips on How NOT to get Hacked

NASHVILLE, Tenn., Oct. 26, 2016 /PRNewswire/ -- As companies have expanded their firewalls and made their operating systems more secure, cyber-attacks have evolved, becoming even more sophisticated. While many organizations now have basic protections in place, cyber-attacks are increasingly moving outside the traditional network perimeter. To ensure they are protected against evolving threats, businesses have to change their strategies on protecting data.

While it is impossible to completely prevent security breaches, taking a few important steps can greatly reduce an organization's susceptibility.  As we enter the busy holiday season – a target rich environment for hackers, LBMC Information Security, a national leader in cyber security and risk management, wants to share some brief highlights on how businesses can best protect themselves today. To learn more about best practices, download our breach guide at http://www.lbmcsecurity.com/resources/breach or contact Mark [email protected] at 615-377-4600.

In order to implement proper defenses, businesses must look at four key areas:

1. Identify potential targets.
   A business should conduct an asset inventory so they know what they have. After all, a business can't protect what they don't know about.  Create or update an inventory of systems and data. Also, ensure sensitive data and critical systems (end user PC's, servers, etc.) are properly labeled and addressed.
2. Assess the risk to each target.
   In order to determine where to direct limited resources to ensure they have the most impact, identify the targets that are most likely to be compromised.  There are many effective tools that can help with risk assessment, but the most important thing is taking an active approach – do something!  Consider the effectiveness of existing controls and look at weaknesses, and address the most glaring issues soonest. Ignorance of security risks is not an acceptable defense.
3. Evaluate the organization's risk appetite.
   Many factors can impact a company's decision to accept or mitigate a security risk, such as the company's industry, the company's size, the financial health of the company, and the company's stage of maturity.  Ensure that company leaders have the information they need to make well-informed decisions regarding which risks should be mitigated and which can be accepted (or ignored).  The risk assessment suggested above is a great place to gather that information.  Once the information has been compiled, a key component is effective communication.  If business leaders don't understand the technical jargon, they may not be able to make a good decision, so be sure to communicate the risks in language that is appropriate for the audience.
4. Manage risk to an acceptable level.
   Once risks have been identified, acknowledged, and catalogued, develop an action plan for addressing them.  The action plan will likely include developing and implementing robust security policies and standards, and educating employees with awareness training. Deploy defenses to address the biggest risks, but recognize that fully eliminating risk is unreasonable (and too costly) in most cases.

Once risk mitigation plans have been implemented, monitor the environment to confirm the newly implemented controls are functioning effectively and to identify when anomalies occur. Periodically re-evaluate controls and security with risk assessments and penetration testing.

LBMC Information Security, a member of The LBMC Family of Companies, is a national leader in IT Security. They help clients build and maintain security programs that reduce risk, mitigate threats and maintain compliance.  For more information visit www.lbmcsecurity.com

Photo - http://photos.prnewswire.com/prnh/20161026/432764 

SOURCE LBMC

Related Links

http://www.lbmcsecurity.com