You probably wouldn’t think of leaving your house with the door unlocked, or even open. If you have an alarm, I imagine you set it each time you leave the house. Maybe you have a dog who you trust to warn of anything untoward happening at your home.

You protect your physical assets as a matter of course. But are you putting as much thought into protecting your business’s digital assets?

Let’s take a look at the current security challenges for any organization. Then, I’ll share the six actions to take—regularly, often—to protect your data and your business as best as possible.

Cybercrime & enterprise security

You probably think you are doing enough. But chances are that your enterprise is still at risk of attack from cyber criminals. This means that the information you safeguard for your customers is also exposed to the same dangers.

Every year we see:

  • An increase in data breach events globally.
  • Phishing attacks become more sophisticated and believable.
  • Identity theft occurrences grow at a worrisome rate.
  • Digital criminals come up with innovative ways to profit from any business with a digital presence that is not protecting itself adequately.

And this year proved that there’s plenty more opportunity for cybercrime.

2020: A new world of criminal opportunity

The COVID-19 pandemic has caused many issues for businesses and individuals throughout the world. One group that has benefitted from the pandemic? Cyber criminals. As more and more people moved into remote working situations, businesses were unwittingly exposing themselves to increased vulnerability to incursion by cyber criminals.

Our new ways of working and shopping have created a perfect storm for those in our society who are willing to exploit security holes. As more and more retail transactions are conducted online there are greater opportunities for credit card data to be hacked. With workers moving to their home offices and connecting remotely to working environments, hackers have found new ways to exploit previously unknown security flaws.

Not only has there been a surge in the number of attacks (in the first quarter of 2020, cyber attacks against financial institutions were reported to have risen more than 230%), but the techniques being used have also improved and become harder to fight effectively. Hackers are using social engineering and increasingly advanced tactics to exploit:

  • The human factor
  • Weak links caused by processes and technologies in use by the supply chain

Luckily, there are steps you can take to increase your security, at least as much as possible.

Six steps to protect your business from cybercrime

Here’s the bottom line: Every organization will always be exposed to risk. But these steps will help limit that risk.

1. Educate

More workers are connecting remotely to business systems. Proactively and routinely inform your employees about the ways criminals are likely to try to exploit their isolation to gain access to business systems.

Sophisticated and believable phishing attacks have increased exponentially and can be hard to spot, particularly when workers can’t easily discuss suspect emails or messages with colleagues, as they would in the office. Regularly reminding your organization about phishing techniques will keep staff alert.

2. Patch ASAP

Promptly applying security patches is more important than ever. New ways of working have exposed previously unnoticed security flaws and you can be certain that criminal elements will try to exploit these before enterprises have time to apply the appropriate patches.

Act swiftly to block these holes as soon as you identify them.

3. Block fake websites

Act quickly to block fake websites identified in phishing attacks. Previously, we were used to seeing phishing emails, often attempting to harvest login details for banks and financial institutions.

This year brings a new criminal opportunity: Many fake donation websites have been set up, targeting people who are willing to help others affected by the pandemic. There have been reports of company employees receiving emails, purportedly from their own CEO, directing them to fake charity sites.

Block these fake websites for your enterprise users, but don’t stop there. Alert your national cybercrime agency of the fake websites as well.

4. Secure mobile devices

Ensure that mobile devices and other endpoints are adequately secured. With an increasing amount of business being conducted on tablets and smartphones, you must ensure that these, whether personal or organization-owned devices, are kept up to date with all applicable security patches.

Deny access to any unpatched devices that try to access company applications and networks. Create a policy for physically securing devices that can connect to company data—and ensure all staff agree and comply. Zero trust network access could be the way to do both.

5. Control all apps

Understand and control all applications in use in your organization. Many organizations saw an upsurge in the use of non-approved collaboration platforms as the result of the rapid move to home working—something known as shadow IT. The proliferation of these platforms was understandable, and in many cases essential to enable staff to remain productive.

With the dust now settled and a new normal being accepted, now is the time to review and rationalise the ways your teams collaborate internally and externally. Check the security credentials of all services in use and remove those that don’t meet your requirements for security, privacy, and data integrity. A healthy and routine asset management practice will help you do this.

6. Review your SecOps practices

2020 has been a year of change. You need to make certain that the security and operations practices you have in place are adequate to:

  • Keep your organizational data safe
  • Protect you from incursion by the bad actors of the cyber world

I recommend these ongoing practices you can adopt to bolster security:

[Image: Components of Security Analytics]

Stay vigilant, stay aware

Protection against cybercrime is one area where organizations cannot afford to let down their guard. Recovering from cybercrime costs $200,000 on average, for companies of any size. Whether that’s a sizable chunk of change or a drop in the bucket, there are better ways for you to invest your dollars.

Unfortunately, cybercrime protection is not a set and forget capability—criminals are constantly changing their methods, finding new ways to exploit your vulnerabilities, and harvesting your confidential data.

You must remain vigilant. Keep abreast of new methods of attack and protect your business from harm. The financial and reputational future of the organization depends on you.

Last updated: 10/20/2020

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

About the author

Kirstie Magowan

Kirstie has been active in service management since 2000, working in a wide range of organizations, from primary industry to large government entities, across New Zealand and Australia. Kirstie has spent much of the past 15 years working at a strategic level as an ITSM consultant. She regularly takes on operational assignments to remember what it's like to be on the ‘coal face’ of service management, as this allows her to provide real and actionable advice as a consultant. Kirstie first qualified as a V2 ITIL Manager in 2004 and spent four years working as the Chief Editor for itSMF International from 2012, where she built a strong global network of service management experts. Kirstie is a member of the authoring team for the ITIL4 book Direct, Plan and Improve, and a contributing author to the ITIL4 practice guides.