As 2015 wound down, one of the few givens besides the ball dropping in Times Square was the onslaught of “2016 Top Cybersecurity (fill in the blank)” lists that are still filling email inboxes. Regardless of industry or size, organizations perennially struggle with cybersecurity – often not for the lack of effort. Experience has taught us that the downfall of these organizations is frequently a lack of focus on “Security 101” items – that is, security basics.
The top three areas in which we see issues in organizations of nearly any makeup and size are:
The shiniest tools and technology – from data loss prevention software to network access control solutions, from security information and event management systems to mobile device management and enterprise mobility management solutions – rely on a strong IT security foundation. If that foundation is not strong, problems with weak passwords, poor patch management, and data access permissions that are not restricted by role are likely to lead to a breach in security.
A recent article in The Wall Street Journal, “Banks Battle Staffers’ Vulnerability to Hacks,” identifies thumb drives, mobile device security, and spear phishing as a few of the top cybersecurity issues at financial institutions. The article goes as far as to blame employees for all cybersecurity issues.
Although employee behavior can be the weakest link in the cybersecurity fence in any industry, organizations must not forget to tend to the security basics as well:
So as 2016 unfolds, let’s not shrug our shoulders at the mundane and tedious tasks that constitute security basics; instead, take them on. Passwords, patches, and permissions may be boring as well as challenging to tackle, but doing so will improve the cybersecurity posture of your organization. And, if you are one of the lucky ones with a budget to buy one of those shiny, new tools in 2016, attending to security basics will make its implementation that much easier.
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International.
As of June 1, 2016, the professionals of AbleBridge have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on Microsoft Dynamics® CRM (now Dynamics 365) sales and implementation as well as innovative add-on products.
The personnel of SDGblue have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides SDGblue clients access to a broader range of products, services, and solutions, while expanding the Crowe cybersecurity risk management capabilities with a deeply specialized team.
Looking for the Client Login?
Access the SDGblue Client Portal
As of Oct. 30, 2017, the professionals of Rowbotham International have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on domestic and international tax and audit compliance services, as well as advisory services.