Stephen Nardone - Director of Security Solutions and Services

Best Practices to Improve Cybersecurity

They May Be Simpler than You Think


The threat environment—i.e. malware and zero-day attacks, drive-by downloads, watering hole attacks, and denial and distributed denial of service (DoS/DDoS) attacks—is worsening, and the news and analyses paint a dismal picture for cybersecurity: it’s not a case of if you’ll be attacked, but when. However, making your environment more secure—and if not eliminating, at least drastically reducing your risk—is achievable by implementing the appropriate policies, practices and technologies.

But first, the bad news, and why you need to make cybersecurity a priority:

  • 76% of identified vulnerabilities in the enterprise are two-plus years old
  • Most organizations lack the security expertise to manage security solutions from multiple vendors
  • 33% of organizations have 4 or more vendors in use
  • 60% of all targeted attacks strike small and medium businesses
  • The indirect costs associated with security breaches outweigh direct costs by nearly 2 to 1
  • In the past year, 70% of organizations were compromised by a successful cyber attack
  • 1 in 3 organizations do not have a written information security policy
  • Half of the small businesses that suffer a cyber attack go out of business within six months as a result

 

The bottom line, according to a recent IDC study, is that most U.S. companies are underprepared to deal effectively with potential security breaches from outside or inside their firewalls.

 

“The study findings imply that the U.S. private sector is more exposed to cybersecurity threats than it needs to be, given the best practices that are available today,” said Steve Conway, IDC research vice president, High Performance Data Analysis.

So with growing threats and limited resources, how do you maximize your protection while minimizing your risks? First, you start with a detailed description of the security risk profile of the assets, applications, and services that you manage.

You need to determine:

  • What threats you’re trying to defend against
  • How you are susceptible to external attacks
  • How to address a user doing something inappropriate in your environment
  • What your overall risk is

 

To enhance your existing security to mitigate risks and keep employees safer online, start with these basic steps:

  • Implement and/or update a BYOD policy as part of the overall information protection security plan to help minimize security risks
  • Educate employees on everything from visiting questionable websites to protecting system passwords
  • Reduce your threat surface: cut the number of open ports and services on Internet-facing systems, implement a least-privilege policy, and consider firewall tools and next-generation technologies that allow for granular network control

 

On a more advanced level, when looking at software-defined networking (SDN), network virtualization, and micro-segmentation, ensure each individual zone has its own security, making it a greater challenge for hackers to access the network.

The primary responsibility for cybersecurity rests with you, but that doesn’t mean you have to try to do everything yourself. A trusted partner like Connection can provide expertise and resources that can enhance your protection and mitigate your risks.

At Connection, we focus on a concept of protection, detection, and reaction. It's a strategy to make sure you are covering all three of those very critical pillars. Our team identifies the vulnerabilities that exist in your environment, then works with you to develop a prioritized plan to bring that risk down to an acceptable level—in accordance with compliance-based security requirements, such as HIPAA, HITECH, PCI, GLBA, and FISMA.


For more than 30 years, the Connection family of companies has been trusted to provide and transform technology into complete solutions. For more information, drop us a line.