Cybersecurity principles that keep companies secure in the 21st century
Jul 03, 2020
In the last decade, data breaches have exploded. For example, the Data Breach QuickView Report noted that 2011 set a new record with over 1,200 reported data breaches, followed by 2,644 in 2012. The count has grown rapidly every year since, reaching 7,098 in 2019.
Anyone who has your data — companies, government institutions, even cities — is at risk. This can change only if we redefine the foundation upon which the infrastructure is built. In this article, we look at why old ways don’t work, and explain several cybersecurity principles that have to be taken more seriously.
Why old methods no longer work
If asked, most executives would say that protecting client data is their company's highest priority, and would follow up with a list of reasons why. But look closer and you will find plenty of inconsistencies in that story.
In fairness, this is hard to get right. Cybersecurity is a weak-link game: a company's security is only as strong as its weakest component, because attackers will always take the easiest route they can find.
Remember the laser dance from Ocean's Twelve? All that effort to steal a Fabergé egg that had already been stolen, and by a much simpler route. Attackers think the same way: why spend weeks cracking your passwords when a co-worker keeps them on a sticky note? Avoiding that kind of mistake starts with a few basic cybersecurity principles.
3 Fundamental cybersecurity principles
Below are three simple but essential cybersecurity principles that can serve as a foundation for any business.
In simple terms, security starts at the bottom and works its way up. You may have seen films in which the villain talks a reluctant janitor or a sleepy night guard into opening a restricted area. The same thing happens in cybersecurity: unless everyone in the company understands how attacks work, sooner or later someone will hand over sensitive information or access without realising it.
Get everyone involved: every department, juniors and executives, permanent staff and part-time employees. Learn together, define responsibilities, reward efforts. Building company culture focused on cybersecurity will take time, but the benefits are invaluable.
For most companies, ransomware was a minor concern until around 2016. Four years later, entire cities are being paralysed by these attacks.
Attackers keep evolving: they test new techniques, catch people unprepared, and exploit every opportunity. The only way to stay protected is to keep learning about new attacks and vulnerabilities, and then pass that knowledge on to colleagues and employees.
Cybersecurity by design
When you're creating a new process, workflow, or product, security should be a design requirement from the start, not something bolted on later:
- Focus on privacy
- End-to-end encryption
- Use strong passwords and 2FA
If you're launching a new service, collect only the data you actually need, and make sure users clearly understand why you collect it.
Companies often leave unused data exposed for far too long. Tools like NordLocker help you store data securely: you control who can access each file, so only what is necessary gets shared.
Data leaks can often be prevented with little effort, yet for the sake of convenience we choose weak passwords or no passwords at all. Establish a non-negotiable 'no default passwords' rule: every device, account and service gets a unique credential before it goes live. Periodic reminders to change passwords help less than people assume; a password manager that generates unique passwords for every account, combined with two-factor authentication, does far more.
Cybersecurity framework for 21st-century companies
The easiest way to think about cybersecurity by design is to consider a simple framework that everything revolves around.
Analyze where your company's data could be exposed. Consider both physical and digital theft. Do your employees keep sensitive data on their laptops? Do you have suppliers that could be compromised as a route to you? Could someone walk into your offices unnoticed?
CEOs often assume their company is safe from every kind of risk, and are then floored to learn that employees gave away vital information without realising it. CEOs get tricked too. All it takes is a convincing story, a fake badge and a clipboard.
In other words, if you don't know your weak points, you cannot defend them. So dedicate time and resources to a proper analysis, or bring in outside help if you need to.
If you've been following us for a while, you will have heard us say that there is no hack-proof security system. So why set up defences at all? The truth is that while everything can be hacked, attackers go for the easy target. Make yourself hard enough to attack and most of them will move on to someone else.
If you've done a thorough analysis, you'll know what you need to do. Start plugging those security holes and make cybersecurity education a priority. This way, you're building a company culture where everyone carries responsibility.
Surveillance and detection is another key principle. If you've analyzed your vulnerabilities and set up defenses, you already know what to watch. Surveillance and detection can be summarized in three steps:
- Monitor systems for unusual behavior.
- Perform regular system checks.
- Drill your employees with phishing and social engineering tests.
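As an added example of the first step, monitoring systems for unusual behaviour (this is not code from the original article), the script below scans sshd-style authentication log lines and raises two kinds of alert: a burst of failed logins from one source address, and a successful login from that address while the burst is still recent, which is the classic signature of a password-guessing attack that worked. The log lines are constructed for the example, and the threshold of five failures within sixty seconds is an assumed tuning value.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sshd-style log lines for the example (not real traffic).
# 203.0.113.7 guesses passwords and eventually gets in; alice and bob are benign.
SAMPLE_LOG = """\
2020-07-03T09:00:01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2020-07-03T09:00:03 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
2020-07-03T09:00:04 sshd[812]: Failed password for root from 203.0.113.7 port 50124 ssh2
2020-07-03T09:00:06 sshd[812]: Failed password for root from 203.0.113.7 port 50125 ssh2
2020-07-03T09:00:08 sshd[812]: Failed password for root from 203.0.113.7 port 50126 ssh2
2020-07-03T09:00:11 sshd[812]: Accepted password for root from 203.0.113.7 port 50127 ssh2
2020-07-03T09:05:00 sshd[901]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2020-07-03T09:05:30 sshd[901]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
2020-07-03T10:00:00 sshd[950]: Failed password for bob from 192.0.2.9 port 41000 ssh2
2020-07-03T10:30:00 sshd[950]: Failed password for bob from 192.0.2.9 port 41001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Extract (timestamp, outcome, user, source ip); None for lines we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> List[Dict]:
    """Sliding-window brute-force detector.

    Emits a 'burst' alert the first time a source IP accumulates `threshold`
    failures within `window_seconds`, and a 'success_after_failures' alert when a
    login from that IP is accepted while such a burst is still inside the window.
    """
    recent: Dict[str, deque] = defaultdict(deque)  # ip -> timestamps of recent failures
    burst_alerted = set()
    alerts: List[Dict] = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, user, ip = rec
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_seconds:  # expire old failures
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in burst_alerted:
                burst_alerted.add(ip)
                alerts.append({"ip": ip, "kind": "burst", "time": ts, "user": None})
        else:
            if len(q) >= threshold:
                alerts.append({"ip": ip, "kind": "success_after_failures", "time": ts, "user": user})
            q.clear()                 # a success ends the current guessing sequence
            burst_alerted.discard(ip)  # a later burst from the same IP should alert again
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert["time"].isoformat(), alert["ip"], alert["kind"], alert["user"] or "")
```

The second alert type is the one worth paging someone for: a burst on its own is background noise on any internet-facing host, but a success following a burst means a credential was guessed and the account should be locked and the session investigated.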
Imagine different attack scenarios and plan your response. Ransomware attacks often succeed because the attackers take victims by surprise, and a deadline adds even more stress. 'Would you pay $200,000 to get your client data back?' is a hard question by itself. Now imagine having one hour to answer it while your company's reputation is on the line. Very few people can think straight under such circumstances.
If you ever find out about a security breach in your company, what do you do?
Who do you call for help?
How do you inform your employees, your customers, and shareholders? What do you tell them?
How can you assure them that you're ready to prevent attacks in the future?
The way you respond to a cyberattack is key, so make sure you're not pushed into making these decisions in haste — outsmart the attacker by planning ahead.
Cybersecurity is a complex, continuous process. Sometimes it feels like there’s too much information to take in. Don’t worry about everything at once. Start from the bottom and work your way up. It will take time, so focus on building momentum. And if you have any questions, you can always contact us.
John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.