There are way too many stories about companies that discover a security breach and then find out that the actual breach happened months or even years ago. Yikes. No one ever wants to be in that position so why not try to avoid it?
Krebs on Security wrote a good article What the Marriott Breach Says About Security. The article anchors off of a key security element that I have said for many years. The fact that someone on the business side should be heading up security and never IT. That does not mean that someone on the business side needs to be a security expert. Just that the buck stops with them and they are much more inclined to ask security questions from the business perspective and not take IT security for granted.
We have had clients ask the question about if there was any way for them to know if a bad guy has breached their network and has access to steal data. The sad answer by default is no. This is not a common thing to monitor for most companies. The anti-virus or anti-spyware software that is running on your computer does a good job stopping things, but there is always a chance that a bad guy can hack in and breach your security. Luckily it is fairly easily addressed though.
- Start off with a better anti-virus/anti-spyware program. The newest applications work in a different way and are MUCH better at catching and stopping infections.
- Use an EDR (Endpoint Detection and Response) platform to monitor for rogue activity. If a hacker happens to get in to your network, server, or one of your computers, this software will block the activity and notify you of the intrusion. Now you are in a position to proactively know if a hacker has breached your security. This solution is also pretty affordable.
- If you want to take to the proactive approach to the next level, then you can implement a real-time network security monitoring system. This not only monitors your computers, but also the network itself and all of the system log files. Works great and enables a very secure environment, but it is also expensive.
- Oh, and one more thing, have someone on your business leadership team head up security….
Got a question or want to talk over your security situation? Shoot me an email or give me a call and we can chat.