Five Things Every Business Should Do to Prevent Cyber Attacks

With new IT policies and processes in place, companies won't be returning to the pre-pandemic status quo.


The COVID-19 pandemic sharply accelerated businesses' plans to adopt cloud computing, bring-your-own-device (BYOD) programs and other revolutionary innovations to "traditional" IT infrastructure. Many companies intensified efforts already in place to support off-shore workforces. Even traditional, laggard industries and businesses with relatively strict cybersecurity and privacy policies — think of government contractors, for example — had to reconsider work-from-home policies.

With new IT policies and processes in place, companies won't be returning to the pre-pandemic status quo. Infrastructure and processes have inertia. According to a recent Forbes article, "Before the pandemic, only 5% of working days were spent at home. That number increased to 40% by June 2020. Researchers expect it to fall to 20% post-pandemic."

Most businesses are aware of the challenge before them. According to Gartner, "Security and risk management spending grew 6.4% in 2020" and most CIOs intend to spend heavily on cyber and information security this year. When nearly 80% of security incidents are identity-related, it's safe to say an investment in identity access management and application security can offer far-reaching benefits to businesses.

In short, as businesses become increasingly digital, cyber attacks carry even greater risk. This reality has elevated the importance of cloud security across industry verticals. The number one problem? Centralized data storage. It's so much easier for a bad actor to hack into one central location than it is to hack into a distributed system with no single point of failure — hence the rise of blockchain technology to decentralize data storage. Businesses should eliminate single points of failure in their cloud storage before embarking on any other security measures. However, once decentralized storage is achieved, here are the five next steps businesses should take to ensure the highest level of security:

Good Risk Governance

Cybersecurity and risk management typically play second fiddle to businesses' other stakeholder objectives such as survival, growth and profit. However, when an incident threatens these objectives, security gets elevated to boardroom-level conversations. Establishing corporate governance that helps identify potential cybersecurity hazards to the business is an essential first step toward reducing vulnerabilities. Endowing a CISO or risk officer with significant budget and authority helps entrench security governance by facilitating company-wide programs that ensure good security operations.

Establish a Security-Minded Culture

Creating a security-minded culture is the essential step that ultimately improves an organization's cybersecurity risk posture. A security-minded culture results in more innovative initiatives and acceptance of otherwise unpopular costs and requirements essential to "bottom-up" risk management. Organizations with a bottom-up approach tend to have better protection of distributed cloud infrastructure.

Better Training and Processes

A bottom-up approach to information and IT security management that is harder, more inclusive and, critically, forward-thinking requires two tenets: employee awareness programs and effective technology. As it relates to the human element, many security training methods are outdated or out of sync with new workforce realities, relying too heavily on security training as part of an onboarding process. This doesn't cut it for today's highly digitized businesses and distributed employee and contractor networks. Gartner suggests you create security advocates by setting the vision (this is the security-minded culture addressed in point one), leveraging outcome-driven metrics to define measurable, desired behaviors, and linking good practices to business benefits.

Built-in Continuous Monitoring

Continuous security monitoring automates the monitoring of IT security controls, vulnerabilities and other cyber threats. Continuous monitoring is an essential tenet of bottom-up security best practices. With the enormous increase in remote working and BYOD, whatever businesses had in place prior to April 2020 likely needs an upgrade. Look for tools that work to protect shadow IT infrastructure inherent to BYOD and distributed networks. Deploying public protocol and blockchain to distributed applications and data can protect systems.

Prevent Identity Theft

Password requirements have become increasingly complex to help thwart hackers. However, the complexities are an equal deterrent to employees, who often use the same passwords or password-management tools for both personal and business devices, creating single points of failure. Trustless protocols allow your business to eliminate passwords entirely and use private keys or biometric authentication to ensure user identity. Integrating blockchain, a naturally cryptographic technology more adept at leveraging private keys and biometrics, builds a trust layer between distributed cloud infrastructure and employee or contractor access. This makes it harder for attackers to gain access to systems through human vulnerabilities. For example, businesses can use a public protocol index layer on a platform tied to Bitcoin to help stop ransomware and other cybersecurity attacks.

These measures, all founded in the need to eliminate single points of failure in cloud storage, help improve a business's risk posture and prevent costly incidents. Some of these changes, while essential, require months and years to effectively implement. Taking steps to prevent identity theft is the single most effective and concrete step businesses can take to reduce cyber risk. While employees may enjoy better work-life balance or fewer hours spent commuting, a distributed workforce with de facto BYOD increases every business's cybersecurity risk. People are, to put it simply, the most vulnerable chink in an organization's IT infrastructure. We need to use the most effective tools at our disposal to protect employees and our businesses.

The Newsweek Expert Forum is an invitation-only network of influential leaders, experts, executives, and entrepreneurs who share their insights with our audience.
Content labeled as the Expert Forum is produced and managed by Newsweek Expert Forum, a fee based, invitation only membership community. The opinions expressed in this content do not necessarily reflect the opinion of Newsweek or the Newsweek Expert Forum.