ARTICLE
20 November 2017

Lessons Learned From Cyber Awareness Month – Part Two

Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.

Following up on our last post about Cyber Awareness, we now focus on cybersecurity in the workplace. All organizations – large and small, for-profit and non-profit – need to be vigilant about cybersecurity. According to one analysis, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017, or about 10 million records a day, a 164% increase. Another study found that since 2013, a sample of company breaches had led to over $52 billion in shareholder losses.

Organizations can easily improve their security by blocking unnecessary websites, applying appropriate filters to incoming emails, and implementing multifactor authentication themselves. More systemically, companies are increasingly joining the federal agencies that are implementing the NIST Cybersecurity Framework. It has been predicted that by 2020, 50% of businesses will be utilizing it.

Putting It Into Practice: Companies should consider the following steps:

  • Block websites that your employees don't need access to for their work purposes, but that can be the hosts or portals for cyber attacks.
  • Apply strong and effective filters to incoming emails to remove obvious phishing and other malicious correspondence.
  • More systematically, consider joining the federal agencies and other companies that are implementing the NIST Cybersecurity Framework. It has been predicted that by 2020, 50% of businesses will be utilizing it, and as that happens, it will increasingly become the standard by which corporate cybersecurity is judged.
  • If you handle sensitive information (either yours or that of your clients), and particularly if you do work for the government, look into coming into compliance with NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. If you have contracts with the Department of Defense you may already be required to do so, and the rest of the federal government is expected to require it for sensitive information within the next year.
  • Improve and accelerate your patching and updating: Several recent major breaches resulted from the fact that a company had not (yet) patched software that not only had a known vulnerability, but for which a patch was available. On sophisticated systems, patching is not simple or instantaneous, but companies should consider devoting more attention and resources to patching and updating quickly.
  • Replace outdated computers and servers: Companies often fail to replace their IT assets until they fail. However, manufacturers cease to provide updates and patches after machines reach a certain age. Those machines then become vulnerable and, if they sit on the network, make a company's entire system vulnerable. Companies need to be aware of this issue and act on it.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
