    Practical Tips for Protecting Your Company’s Digital Assets

    January 9, 2023

    As a business owner, you understand risk. You’ve protected your physical assets from theft, fire, and floods. You have plans in place in case of a natural disaster and weather extremes. You’ve weighed the costs to mitigate the consequences of a threat to your business, and you’re comfortable with the risks.

    When you look at your digital assets, you’re not as confident. Technology isn’t your field of expertise. Firewalls, attack surfaces, and vulnerabilities are just words. You’re not sure if your cybersecurity will protect digital assets.

    Part of the problem is perspective. When you decide to secure your office with an electronic security system, you’re confident it’s the right decision, even though you aren’t 100% sure how it operates. Digital data security is no different.

    Securing your digital assets is a business decision, not a technical one. You don’t need a computer science degree to understand how to manage risk. You need practical strategies to protect your company’s digital assets. 

    Cybercrime is Big Business

    The image of hackers as mischievous teenagers testing their computer skills no longer exists. Instead, cybercriminals look more like the Godfather’s mafia. These “crime families” reside in a virtual world known as the Dark Web, where a company’s digital assets are bought and sold.

    Like any business, cybercrime has to innovate to stay competitive. Cybercriminals spend every waking moment creating and deploying virtual weapons to steal information or shut down systems. In 2022, cybercrime cost the world $8.4 trillion (US).

    Cybercrime is big business. It’s made up of groups that prey on organisations of all sizes. Despite the headline-making breaches, the majority of attacks target small businesses. According to 2022 data, 43% of Australian small businesses were targeted. 

    You can purchase a cyber insurance policy to mitigate some of the risk, but most insurers expect a minimal level of security measures to be in place. That’s why any company with a digital asset needs a risk management plan.

    What is at Risk?

    Every business has a level of risk tolerance. Some organisations operate in industries, such as financial institutions and insurance, that have a low risk tolerance when it comes to protecting a company’s digital assets. They operate in a highly regulated environment that requires compliance with government-mandated regulations. Many use digital asset management (DAM) systems to protect against attacks.

    Cryptocurrency companies and their investors have a high risk appetite. In many cases, they are willing to lose everything for the chance to make millions. The industry is unregulated, and minimising risk is at the company’s discretion. However, data security is still a concern.

    Most companies fall somewhere in the middle. Clothes manufacturers take a risk when deciding on the fashions to sell for the next season. Grocers tolerate risk when they decide what brands to carry. Determining your risk tolerance informs your business processes and directs your cybersecurity risk management plans.

    Identifying Your Cyber Risks

    Managing cybersecurity risks does not mean eliminating them. Even with unlimited resources, organisations can’t keep up with cybercriminals’ ability to create new virtual weapons. The best approach is to prioritise the risks for protecting digital assets. 

    Numerous risk assessment checklists or guides exist online, but their completeness varies. There are third parties that can help assess your company’s cybersecurity risks. However, the identified vulnerabilities can be extensive.

    Whichever method you choose, don’t panic at the length of the list. Instead, identify the top five to ten risks to address. Use these priorities to manage digital assets, including intellectual property and critical data. For example, answering the following questions can help stop security loopholes. 

    • What are your company’s unique digital assets?
    • What security tools do you have in place?
    • Do you have a policy in place for managing an employee’s smartphone?
    • Are you using two-factor authentication?

    Older hardware and software may lack the capabilities needed to protect against 21st century cyberattacks. By upgrading, you may eliminate several weaknesses simultaneously while protecting existing workflows.

    Regardless of the risk assessment results, you should ensure that your organisation practices good cyberhygiene and make it the foundation of any risk management plan.

    What is Cyberhygiene?

    Cyberhygiene refers to fundamental practices that organisations should routinely perform to minimise their security exposure. They include such actions as backing up data and creating strong passwords. Having basic protections in place is the best way to implement security measures. The following paragraphs discuss industry best practices related to cyberhygiene.

    Once you assess your potential security risks, consider reviewing the information with a legal professional with expertise in cybersecurity protection. A legal expert should help prepare nondisclosure agreements and employment contracts.

    Administrator Accounts

    Admin accounts give users access to everything on a single device or a network. While it’s convenient to have that comprehensive access, the risk is significant. Sending emails or browsing the web from an admin account increases the risk that the account will be compromised. Once cybercriminals control the account, they control the system.

    To prevent such a compromise, no one should use an admin account for routine tasks. You should manage accessibility by restricting admin accounts to system-wide maintenance or operational tasks. A least-privilege model should be in place, restricting access to protected and sensitive data.

    Data Backup

    Your company may already back up its data, but where is it stored? How often is the data backed up, and have you tried to restore it? The answers to these questions can determine how quickly you can recover from a cyberattack or a natural disaster.

    How frequently to back up your system depends on how often your data changes. Daily incremental backups may be sufficient, with full backups occurring weekly. Two backup copies should be created and stored. One can be stored locally, but a second should be maintained offsite.

    Cybercriminals now look for all backups on a system before launching a ransomware attack. They encrypt the backups, so companies cannot restore their systems once an attack is underway. Having a second copy that lacks an internet connection ensures your system can be restored.

    Companies should test their restore processes to ensure the system is working. Local and off-premise copies should be restored to confirm that the data is accessible and to determine the time required to become operational. If using cloud storage, do not assume the process works because the provider says it will. 
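
    A restore test along the lines described above, as an added example that is not part of the original post: it records a checksum manifest when the backup is made, then runs a restore and checks every file against that manifest while timing the whole run. The function names and sample files are constructed for illustration, and the `restore` callable stands in for whatever restore command your backup tool or cloud provider offers.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large backup files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def restore_test(manifest, restore, target):
    """Run restore(target), then compare the result to the manifest."""
    started = time.monotonic()
    restore(target)
    found = build_manifest(target)
    missing = sorted(set(manifest) - set(found))
    corrupted = sorted(p for p in found if p in manifest and found[p] != manifest[p])
    return {"ok": not (missing or corrupted), "missing": missing,
            "corrupted": corrupted, "seconds": time.monotonic() - started}


def demo():
    """Constructed data: a clean local restore and a damaged offsite one."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "src")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_bytes(b"id,amount\n1,100\n")
        (src / "contracts.txt").write_bytes(b"nda v1\n")
        manifest = build_manifest(src)  # recorded when the backup is made
        def damaged(target):  # stands in for a faulty offsite restore
            shutil.copytree(src, target)
            (target / "contracts.txt").unlink()                       # lost file
            (target / "finance" / "ledger.csv").write_bytes(b"id,\n")  # truncated
        local = restore_test(manifest, lambda t: shutil.copytree(src, t), Path(tmp, "local"))
        offsite = restore_test(manifest, damaged, Path(tmp, "offsite"))
        return local, offsite
```

    Keep the manifest somewhere the backup job cannot overwrite, and compare the recorded `seconds` for each copy against how long the business can afford to be offline.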

    Data Encryption

    Encrypting stored data may be required in high-risk industries. However, it should be a practice for all businesses that store data, especially in the cloud. If using cloud storage, encrypting files protects against theft if the provider is compromised. You want to ensure that your company’s assets are always protected.

    Encrypting local files can add a level of on-site security. In some instances, encrypting stored data may be mandated. For example, cardholder data must be encrypted if it is stored locally. Such security measures provide proper digital asset protection.

    Password Protection

    People don’t dislike passwords. They dislike having to remember them. That’s why they make them easy to remember and use across multiple accounts. When a hacker learns a password, they attempt to use it on all related accounts.

    The ramifications of a stolen password can be catastrophic. Identities can be stolen. Financial resources can be drained, and sensitive information can be published. Using a password manager and two-factor authentication can reduce the odds of a password compromise.

    Software Updates

    No one uses the term “patches” to describe incremental changes to software. Instead, they use “updates.” Updates are patches that correct flaws in the original software. Many of those flaws are security related. 

    Failing to apply updates when received can create problems years later. Microsoft Exchange Server had a vulnerability that was exploited in 2021. The weakness was identified in the first days of the release and was patched shortly thereafter. Yet, hundreds of thousands of users failed to apply the update to the 2013, 2016, and 2019 releases, exposing their critical assets.

    Establishing a software update policy should be part of any risk management plan.

    Email

    Email is a hacker’s best friend. They use it to direct users to malicious websites that download infected software. They impersonate companies to trick recipients into clicking on a link. Hackers are quite sophisticated in using a company’s logo on emails.

    Hackers look at online footprints to learn more about their targets. They may use LinkedIn to find executives or Facebook to learn where employees work. Collecting information enables them to create an online profile. Consider incorporating guidelines in employment contracts on online interactions that concern the company and its activities.

    Using a profile, cybercriminals may invite you to a golf outing or other event requiring online registration. Once you click on the registration site, the hacker deploys a virus that records keystrokes, captures screen data, and collects other information that helps them compromise you or your business.

    Protecting Your Digital Assets

    When it comes to protecting your company’s assets, you need a partner who can help implement the industry’s best practices. TechSeek offers small business customers a service designed especially for their unique needs. From replacing a firewall to updating software, TechSeek has the expertise to ensure your property is protected.
