Smarter, stealthier, and more subversive and sophisticated than ever. The cyber threat landscape has overwhelmingly grown, not only in the size and type of organizations and information at risk, but in its attack processes and those who carry them out wittingly or unwittingly. As organizations increasingly leverage new technologies like mobile, cloud, and the Internet of Things, understanding the roles students, employees, and third-party vendors play in the ever-evolving threat landscape is essential in protecting your data from cyber attacks.
Technology has become such a part of our lives that many of our young students do not remember a world without it. Today, there are a plethora of free tools (spyware, malware, ransomware) readily available online that any student can use to infiltrate a school’s network, gaining access to everything from logins and passwords to student and staff records, grades, health records and more.
For employees and staff, it’s not so cut and dried. Network security is at constant risk of threats from social engineering and phishing. In the simple act of doing one’s job, an employee or staff member can inadvertently disclose sensitive information or click on a link in what appears to be a valid email allowing an attack on the entire network and all its attached devices.
Over sharing of internal information and network permissions with third-party vendors are another area of particular threat. There are countless examples of vendor laptops being stolen that contain sensitive information such as special education student records, health records, and personal employee records. Other third parties, such as industrial vendors who control HVAC systems in schools and other organizations also pose threats from both internal and external actors.
The financial impacts of security breaches extend far beyond the costs to an organization, but also to its students, families, customers, and clients. How much are these breaches going to cost? $300 per compromised record is the current estimate, along with other factors such as regulatory compliance and increased penalties (PCI, HIPAA, SSAE16 etc.), and jury awards.
What do you need to know and what can you do? We’ve put together a list of informative resources to get you started on things you can do internally in your organization to improve cybersecurity.
8 Resources to Improve Your Internal Cybersecurity
- Privacy Technical Assistance, Staff education, and Notification Requirements
- Employee Security Awareness Training Education
- Data Breach Response Checklist
- State Cybersecurity Breach Notification Laws and Requirements
- Business Continuity and IT Disaster Planning
- Cybersecurity and Defense planning
- Data Breach Examples, Blogs, and Information
- Cybersecurity Awareness and Tips
Adding to the complexity of this ever-changing threat landscape, Infosec and cyber defense skill set shortages along with over-dependence on IT departments for compliance and oversight makes security challenges a daunting task. It is estimated that by the year 2020, there will be a shortfall of 1.5 million cyber security professionals.
Protelligent’s Premonition™ services focus on intelligence driven security strategies, effective resource utilization, staff training, and reduced risk footprint that are right for your organization. Contact us today toll-free at (855) PRO-TELL or visit our Premonition™ Security Suite page to learn more.