So far, we seem to be surviving COVID-19, but what about online viruses? With most of our organizations now being distributed, there are other viruses we need to consider in order to protect our data and our organization’s intellectual property. We will not delve into that list of viruses here, but rather focus on that ounce of prevention that is well worth a pound of cure.
We have already discussed the risks of a distributed organization and the nefarious work of bad actors on your employee email and video chat rooms, especially since most employees are working from non-secure locations. Remember the “Do I need to put a password on my laptop?” employee question? Yeah, there is more to be done.
For organizations, there are preventive measures you can adopt to prevent a loss. Ever heard of penetration testing? This is a practice where a known and trusted organization (such as a Tek.Advisors partner) will attempt different methods to penetrate your network and your data. The result of this testing is that you get a report of what you are already doing well and, more importantly, where you may have an issue, such as a database form page on your web site that may allow someone to penetrate your entire company’s data. Yes, it does happen.
You may say think that because you’re in the cloud it can’t happen to you. Your cloud applications and cloud data may be just as vulnerable. Are you in a secure, private cloud, or the public cloud? Not sure? Maybe we should run an outside scan for you and see where you may have an issue.
We’re not trying to scare you or tear down your current efforts but provide some fresh thinking about your public exposures. Have you ever had a source code scan performed? Are there any application vulnerabilities that need to be assessed? “We have a security department for that,” you might say. That’s very good if you do but we’ve learned that, much like proofreading your own writing, you sometimes scan right over what appears to be an obvious typo to a fresh reader.
You may want to consider an occasional third-party review of your systems for business continuity and compliance standards. It is just a good best practice overlooked by many organizations. With the glut of other issues and activities we all face today, now may be the best time to have a third party take a look. As my grandfather always told me growing up, an ounce of prevention is certainly worth a pound of cure after the fact.