10 ideas designed to enhance cybersecurity
The 2016 presidential election was historic in numerous ways, aside from the upset victory by Donald Trump.
It was the first election in which the emails of the Democratic National Committee were hacked and released to the public. It also was the first election influenced by “fake news” promoted through social media.
The threats to cybersecurity are a national crisis, according to Jim Savage, president of Brookfield-based IT consulting firm Concurrency Inc. They’re also a personal crisis for consumers and businesses of all sizes, Savage says.
“Nothing is going to surprise me anymore from a security standpoint. There are inherent vulnerabilities,” Savage said. “That it took down an election — that is the most significant hack to date. We should definitely be scared. You need end-point security on every device.”
Savage noted that a recent survey of more than 600 corporate board directors reported that only 19% believe their boards have a high level of understanding of cybersecurity risks.
Savage can speak from personal experience. Concurrency was nearly the victim of a “spearfishing” scam, in which a hacker determined the email addresses of Savage and a key assistant. The hacker then sent the assistant an email that appeared to be from Savage, directing the assistant to send $45,000 in a wire deposit to an overseas account.
Fortunately, the assistant doublechecked with Savage about the expense, and they were able to stop payment on the deposit before it was cashed.
I asked Savage to provide 10 practical considerations business leaders should consider to minimize their vulnerabilities to cyberthreats and protect their customers’ data.
Acknowledge the threats are real. “Cybersecurity is a real and pervasive threat that needs to be addressed by any business that wishes to take advantage of the benefits of the global internet. To quote from FBI Director James Comey, ‘There are two kinds of big companies in the United States: those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.’”
Avoid the fear paralysis reflex. “Organizations and/or responsible individuals within organizations are often afraid of looking too deeply into security because of fear of getting blamed for what they expect to find and uncertainty about what to do.”
Designate an information security leader. “A responsible individual identified within the organization needs to be given the responsibility, authority and resources to effectively and economically address the increas-
ing challenge of information security.”
Protect your data. “When allocating resources, consider what is at stake. What if Chinese corporate espionage hackers stole the complete AutoCAD drawings for your key manufacturing product? What if Russian hackers stole all your customer names, addresses and credit numbers?”
Upgrade your operating systems. “A dirty little secret in IT is much of the inherent insecurity in modern business computing is a function of old operating systems. Organizations running two, three and four major operating system revision levels behind are putting their organization at undue risk.”
Leverage third-parties’ outsourcing where appropriate. “Look to experts with long and successful track records of implementing the technologies in question for organizations your size.”
Go to the cloud. “Increasingly, businesses with fewer than 1,000 employees are finding it James Savage President
Concurrency Inc., Brookfield, with offices in Chicago and Minneapolis
Expertise: Microsoft-focused systems integration
Previous experience: Enterprise software, business process automation, enterprise content management, information security, IT service management, project and portfolio management
Education: Bachelor of arts, economics and history, University of Wisconsin-Milwaukee
Best advice ever received: “Do what you love. …The money will come.”
Favorite movie: Anything by Guy Ritchie or Wes Anderson
Favorite musical act: Radiohead
Favorite Wisconsin restaurant: Palmer’s Steakhouse in Hartland very difficult to economically beat the information security provided by major market cloud providers. In five years, it will be difficult for onpremises-only businesses to compete effectively with businesses that effectively embrace cloud architectures.”
Implement service management. “IT service management refers to the collection of policies, processes and procedures performed by organizations to plan, design, deliver, operate and control information technology. A maturing, standards-based service management effort is one of the most important things an organization can do to address security in addition to managing the costs and complexity of IT.”
Leverage best practices. “Apply the wisdom of those that have gone before us. From planning through execution, be sure to take advantage of industry standards and established methodologies.”
Train employees. “End user training and employee awareness about cybersecurity must accompany good policy and the right security technology investments. …There’s a lot of room for humans to do the wrong thing.”