In the last 8 years, more than 7.1 billion identities were exposed in data breaches.
A paradigm shift is underway. Today, we know that the idea of our social security numbers being kept secure for our entire existence is unlikely. We have credit monitoring, identity theft protection and fraud detection to help monitor for unusual behavior and stop fraud in its tracks.
It is just as unlikely that usernames and passwords can be protected. It’s naïve to believe they provide enough security on their own. They also present a false sense of protection. Relying on usernames and passwords means that if (read: when) someone gets into one of your accounts, they can act undetected for days, weeks, months or even years.
It took Equifax more than 200 days to notice someone was in their network who didn’t belong there. In that time, extensive damage was done.
There must be a paradigm shift in your company’s security that acknowledges the need to protect the network inside and out, not just the perimeter. Multifactor authentication, analytics that flag unusual behavior and advanced prevention protocols are all essential to protecting businesses today. This is Security 3.0.
Identity-Driven Security
Accounts can be accessed from almost anywhere on multiple devices. So, it’s time to get past the username and password to safeguard identities. On their own, they don’t work. Take account access to the next level with multifactor authentication: fingerprints, two-step confirmation and other verification methods. We know this works: our own certified ethical hackers test this stuff out. In reality, you should be able to freely share your usernames and passwords all over the internet without worrying about who gets them. Multifactor authentication makes this possible.
Guard your network
Everything from your Wi-Fi password to the security suite installed on your servers is important to keep the network protected. Network security is the gatekeeper to protecting the data on your networks – it’s usually what people think about when they think “information security.” Network security certainly is important, but it’s far from the end-all, be-all. It’s also not a one-and-done situation. Make sure you cover these four bases:
- Monitor for threats across the network, including mobile devices
- Detect issues with advanced threat analytics
- Defend against attacks
- Securely recover from incidents with minimal impact
Lock down email & files
There is no foolproof network security because of threats like ransomware phishing emails that can sneak past detection and land in an unsuspecting employee’s inbox. For that reason, it’s essential to secure files, emails and data. That way, anyone who has managed to access the environment can’t extract data and can’t extort your company by encrypting your data.
Protecting data is central to protecting identities and financial information. Payroll data, social security numbers and supplier credit card information can all be stolen, encrypted and sold on the black market very easily. Your company will be the one in arbitration or court dealing with the repercussions. Even just a partial compromise will have you facing potential liabilities.
Start with this: Run a security assessment
We do security assessments for companies of all sizes, whether they are our clients or not. And we can tell you there are likely a few surprises lurking that you hadn’t thought about. Here are a few “gotchas” we’ve seen recently:
- Security features that were available to the client but not configured or activated
- Former employees with full administrative rights to the network, giving them the ability to access everything from outside the building and do some serious damage. (By the way, you can easily manage identities with a single user log-on to avoid this.)
- Security patches on Microsoft software not being applied – opening the company up to zero-day attacks
- Antivirus definitions significantly out of date
- Physical security not attended to, like employee files in unlocked cabinets or lack of security cameras around the building
Whether you’ve had a security assessment or not, it’s an essential piece to understanding what is available and what your needs are. Compared to the liability, arbitration, lawsuits and the breach of trust that go with security breaches, a security assessment is a small investment. It’s at least worth talking to us about.