Earlier this month, credit reporting company Equifax disclosed that hackers had accessed the names and social security numbers of approximately 143 million of its US customers.
The breach tarnished Equifax’s reputation,destroyed its stock anddecimateditsexecutive ranks.
No one wants to be the next Equifax and it’s a safe bet that at this very moment big and small businesses across the country are scrambling to bolster their cyber fortifications.
It’s not an easy feat. But Steve Martino, chief information security officer at Cisco, has developed some clever techniques through years of fighting the bad guys.
Cisco employees are constantly kept on their toes as Martino probes them for weak spots and drills a defensive mindset into them.
Martino sat down with Business Insider to share some of his key tactics for creating an organization that won’t become the victim of the next big cyber attack. Here’s what he recommends:
View As: Slides
Kill your click-throughs
In online business, big click-through rates are great: it means customers are clicking on links and web pages to buy stuff.
Inside a company though, high click-through rates can be deadly as a daily barrage of phishing emails and other nefarious tricks try to entice susceptible employees into clicking a dangerous link.
Martino sends out fake phishing emails to Cisco’s entire staff every quarter. Anyone who clicks on the phishing link is brought to an employee training video to teach them how to avoid engaging with suspicious emails in the future. The method works because it helps every employee understand their role in protecting their company against attacks.
“ We’ve been able to reduce our click through rates by over 60% by giving them that training,” Martino says.
Protect your treasure
It’s extremely difficult to protect against every possible method of intrusion, so it’s best to focus on protecting the most important data. Figure out which customer and company data is most sensitive, as well as which portals of entry are most vulnerable, Martino advises.
“ If you don’t know what your key things are, you’re trying to protect everything and you probably protect nothing,” he says.
Seek and destroy
Expect that attackers will get through some of the time and actively seek out the intruders.
” You have to recognize that in today’s interconnected world, no matter how much you deploy, mistakes will happen,” Martino says. From employees that click on phishing emails, to programmers that build buggy software, human mistake is often at the heart of security.
“ Hackers are dedicated, and well funded adversaries, and they’re going to find errors in software,” says Martino.
Because of this, it’s vital that security teams actively look for existing breaches.
One way to do this is to look for cybersecurity software which can work together, so that when something goes wrong at one point in the security process, protections are in place to prevent it from going any further.
Practice “fire drills”
Every student and office worker knows how to get out of the building fast if there’s an emergency. The same should be true for responding to cyber threats.
Martino recommends that management teams set up a cybersecurity playbook with defined steps that the team needs to take should their worst nightmares come to fruition.
Once the playbook is established, and roles are doled out to the staff, companies should run drills for security breaches the way that schools run drills for fires: The more a company practices, the better prepared staffers are when something does go wrong.