There’s a strong argument to be made that “Cybercrime” is more of a threat than a physical crime to most people and organizations.  The more you think about the hypothesis, the more alarming it becomes.

A physical crime typically depends upon the victim and the perpetrator (or group of perpetrators) being in the same place at the same time.  That requirement doesn’t hold true for individual hackers, sophisticated crime syndicates, foreign governments, or corporate espionage specialists.  Vast underground networks of digital criminals trade information and conspire for purpose of sabotage, theft, and fraud, often working across borders that place them out of reach of law enforcement.

For the past decade, security has consistently ranked as a top concern of CIOs.  While other issues have come and gone, security has remained a vital issue because the capabilities and sophistication of cybercriminals have often outpaced the measures taken to protect against them.  A layered approach to security has been consistently recommended, but the reality is that it is neither sufficient for an organization- of any size- to depend on antivirus, antispam, and a firewall. The ingenuity and persistence of today’s criminals require much more than that.

Red Level urges all of our clients, large and small, to implement the following recommendations:

1. Install a firewall – and ensure that it is properly configured to ensure that no potential points of entry are left undefended.
2. Install – and regularly update- advanced antivirus protection.  Not just for PCs, but for Macs, tablets, and smartphones as well.
3. Maintain advanced antispam protections.  Email remains a key point of vulnerability for most organizations.
4. Implement web/internet filtering.  In recent years, malicious websites have emerged as the most popular entry point for malware.
5. Ensure that systems promptly receive all official recommended updates for both system software and applications.
6. Implement comprehensive system monitoring to rapidly detect – and isolate – any hostile events.
7. Maintain comprehensive, frequent, reliable backup and recovery systems capable of meeting RTO and RPO objectives – a vital measure in the event that data is wiped or locked by malware.
8. Implement user education on security and safe use practices, including mobile devices – both “BYOD” and company-issued smartphones and tablets.  Set security standards for user conduct, and enforce them.
9. Conduct an annual security audit.  Have expert analysts regularly assess your system and security practices for vulnerability at least once a year, and keep abreast of the changing nature of security threats.

Maintaining effective security consumes resources, time and attention – but such expenses are minimal compared to the potentially catastrophic impact of a successful intrusion.  If you’re concerned about your organization’s vulnerability to digital crime, contact us to start the evaluation process and explore your options.