Protect your company's brand with proactive cybersecurity measures
Cybersecurity has never been more important, nor more difficult to manage. Its complex and rapidly advancing nature can cause insomnia for even the most digital-savvy executives. This includes a growing number of CMOs who, according to Gartner's 2016-2017 CMO Spend Survey, are on track to spend more on technology this year than their CIO counterparts.
Cyberattacks can range from site defacement, in which hackers alter website copy, to DNS attacks, in which hackers flood domain-name systems and cause websites to crash. These assaults can have devastating consequences for the digital presence and integrity of a company -- from damaging its brand reputation to exposing sensitive data and blocking legitimate traffic to its website.
The truth is, there are no guaranteed ways to guard against these threats. In working with some of the world's top professional services firms over the last 20 years, admittedly I've lost a few nights of sleep myself. However, along the way, I've also learned a few best practices to improve cybersecurity. Business leaders who plan proactively, engage the right people, implement new processes, employ the latest technology and continually review their security infrastructure will sleep better at night.
Take back the keys
The first step to securing your digital properties is to determine who should own and have access to digital assets, including your content management system (CMS), customer relationship management software (CRM) and social platforms. Once you determine ownership -- usually a combination of IT and marketing -- you can conduct periodic audits to confirm that only those who need access to these systems are granted it, and at the right level.
Unfortunately, many companies lack a formal process to update user permissions. As a result, they inadvertently allow outsiders -- including previous employees, contractors and old vendors -- potential access to their systems. Creating an onboarding and offboarding plan ensures access is given only as needed, and is revoked as soon as a firm changes vendors or an employee switches roles.
Create processes around data and relationships
Next, examine all processes related to the management of your digital properties. Start by knowing exactly what information your company has, where it's stored and who is responsible for it. Classify data in a way that allows varying levels of security procedures and establishes appropriate recovery and communication plans in case of a breach. For example, a companywide response to hacked credit card information would likely differ from a response to defaced webpage copy.
Once those processes are in place, turn to vendors who interface with or control a digital asset, and ensure they have adequate security measures in place. In one of the biggest corporate breaches in U.S. history, hackers easily accessed Target's network, and stole 40 million credit card numbers, using a vendor's login credentials. You can guard against a similar threat by vetting the security practices and technologies of your vendors and holding them accountable for following the same strict security standards that you do.
Keep up with technology
Using the most current technology is the backbone of a solid security infrastructure. Your IT team should implement a multitiered approach that provides several layers of protection.
One increasingly popular precaution is two-factor authentication, which applies an additional barrier to entry that must be unlocked, ensuring only intended individuals can gain access, even in situations where credentials are stolen. Other tools, including live-threat protection that blocks bad web traffic and site monitoring tools that provide instant alerts when the website is down, are additional layers to consider.
Test, review and repeat
Maintaining a secure site is an ongoing battle that requires continuous attention. Your IT team should regularly update its security tools and patch software, monitoring for any new entry points hackers could exploit.
Allowing a credentialed, third-party auditor to review, test and inform your company's security efforts is another best practice to consider. This "white-hat hacker" helps ensure the system is up to date and can protect against the newest threats.
Further, provide regular training for employees and test them with mock cyberattack drills. This will remind everyone what to do -- and what not to do -- should a real attack take place. Training should be a comprehensive process that includes everyone from the newest interns to the most senior executives. You can start by sending employees a mock phishing email, and use the responses to structure a training session on the topic.
Cyberattacks are not a matter of if, but when. Being proactive and staying on top of your people, processes and tools will help protect your digital assets and prepare the right people to confidently jump into action to minimize damage, when necessary. Although the prospect of a cyberattack can be intimidating, if you take preventive measures now, you just might catch some more zzz's.
• Jeff Hirner is co-founder and chief operating officer at the B2B digital agency One North Interactive.