The Cyber Security Threat
This article was originally written by Mike Arvidson, the director of Eide Bailly Technology Consulting’s Infrastructure Services. With more than 20 years of experience in the IT industry, Mike’s wealth of knowledge includes network systems implementation, integrated new technologies, and information security.
The Cyber Security Threat
By Mike Arvidson
Forty-three percent of organizations suffered a cyber-attack last year, and according to Forbes, 71% of those affected were small businesses. The absence of dialogue surrounding this steadily growing threat to small and midsized businesses (SMBs) is alarming. When we hear cyber-attacks, we often think Target, Sony, or any of the other numerous high-profile instances of the past year, not the regional restaurant we ate at last month, the family-owned business down the street, or the tribal affiliated casino. But these instances are real and rising.
A lack of preparedness for a massive security hack coupled with minimal resources and general inexperience in combating today’s advanced cyber-threats combine to create a low hanging fruit “epidemic” for small businesses including tribal-related entities, which many hackers are looking to capitalize on.
To combat this growing threat to your entity, regardless of size, we have identified several key precautions to reduce your organizational vulnerabilities.
- Ensure that you and your tribe are compliant with required regulations.
- Run a cybersecurity audit focused on attack surfaces and points of entry. Identify the location of your sensitive data and map it to your access control list, both internally and externally, to further assess vulnerabilities.
- Confirm that operating systems are equipped with the latest security products and updates, including programs that can detect cyber-breaches within your network and evaluate threat levels.
- Define access permissions to data across your tribe and tribal related entities.
- Establish password protocols, including regular refresh cycles. Encourage staff to avoid passwords comprised of proper nouns, keyboard patterns, et al. and instead opt for meaningless combinations of letters and numbers for optimum security.
- Invest in industrial strength firewall protection, antimalware and antiviral programs to thoroughly establish your defense foundation.
- Safeguard sensitive data via encryption protocols.
- Educate employees; at the end of the day, your people are often your greatest weakness. Train staff on spamming and hacking awareness so they do not undermine your organizational security by absentmindedly opening a malicious email, attachment or link.
- Determine security practices on-premise, from the data allowed to leave company walls to the sensitive materials that need additional protection measures.
Ultimately, if you do not feel confident in your tribe or tribal entity’s internal ability and bandwidth to conduct exhaustive security testing to reduce your risk, look externally. Your data is not a gambling chip; cyber-attacks are growing in prevalence, and these steps are not simply recommendations but basic requirements in this day and age. Consider the above precautions the cyber equivalent of locking your front door; if you are not dead bolting the door to your data, you are essentially inviting a cyber-thief into your network.
A version of this article first appeared on Eide Bailly’s website.