Control isn’t just part of your job title. You’re making decisions that set your business up for long-term success. One of the quickest ways to derail this success? A data breach.
We’ve compiled a few key resources for controllers looking to understand the environment and their role in protecting their business from experts who know or know how to help.
What Should You Look for in Cybersecurity Software?
Did you know that the average cost of a data breach globally is $3.92 million? In the US, this jumps up to $8.19 million.
From the basics to additional controls, Prescient Solutions recommends seeking the following in cybersecurity software:
- Basic: If you do nothing else, do these two things: Use SSL and use antivirus software. That’s the bare minimum.
- Standard: The next level is the actual minimum, and includes two more levels of protection— virtual private networks (VPN) and firewalls.
- Likely Necessary: From here, most companies will need a bit more. According to prescient, this could include data loss prevention software, a cloud access security broker, intrusion prevention and detection, enterprise mobility management software, and more.
It pays to work with a company who can identify what you need and how to protect it, ultimately lowering costs and improving utility.
Take ERP Security Seriously
ERP data is often described as a company’s “crown jewels” because it contains a trove of valuable information. Customer data, inventory, budgets, payroll and sales orders are all types of data that ERP systems hold and transact. Too often, bad integration management and questionable shadow IT can do harm to the fortress you expect an ERP solution to be.
Organizations have been historically apprehensive to move their ERP to the cloud, but as this changes, it pays to pay special attention to how vendors work to deliver it. Learn more about how ERP security works from this TechTarget blog and stay tuned for our controller guide to Cloud SLAs by signing up for our newsletter.
Security in the Cloud: 5 Areas to Focus On
While securing your own assets is one part, knowing who to trust is another thing entirely. From gray market horror stories to flawed architecture, things can go wrong in the cloud. However, these are limited—if you know how your firm can protect itself. According to VAST IT Services, cloud security strategies should be built around architecture, people, vulnerabilities, tools, and process.
Learn more about how to evaluate and design around each from VAST.
It Pays to Invest in Security Awareness Training
One of the most devastating things that can happen to a business is a cyber attack, but business executives are not confident employees have had sufficient security training, according to a CybeReady report released today, “The State of Security Awareness Training,” which found 75% of execs to believe the most likely catalyst to a cyber attack is phishing.
With phishing being one of the most effective attack vectors, teaching employees how to identify and mitigate is the best way to minimize risk. More importantly, as attacks evolve, frequent training is important. Learn why it pays to invest from this TechRepublic article.
Beware the Platform Promise: Cybersecurity Platforms Are Hard to Come By
As a controller, you are often one of the most pragmatic individuals at your firm. If you have a smaller IT team, or have worked to outsource a lot of IT, one thing you should know if promised a cybersecurity “platform” is that the end result is rarely as comprehensive as it sounds.
According to the Business Software Education Center, many of the companies providing platforms are just rolling up point solutions but failing to deliver on the promises that a true platform can deliver. Learn more about the eight criteria a cybersecurity platform needs to deliver to be called as such here.