Written by

Daniella Ambrogi
March 03, 2022

5 Tips for Strong Cybersecurity

Armed guards stand post as the week’s payroll cash is unloaded outside a Central American apparel factory. A fit model for a leading brand discreetly slides out the back door of the sample room, careful not to draw attention to herself. A designer tosses a sheet over a storyboard before turning out the lights and heading home for the evening. A systems administrator locks the data room door as he goes to lunch.

Each of these individuals plays a role in the security of valuable corporate assets—assets that increasingly exist not only in the physical world but the digital world, too. In some cases, a fashion company’s most valuable property is in digital form, at least for some period of time.

Digital transformation of retailing and supply chains has opened opportunities to grow sales, share information faster and manage processes seamlessly and cost effectively. Cloud computing has given businesses newfound flexibility to scale their technology to meet current and future requirements without the burden of huge investments in hardware, maintenance and IT staff. But with these advances come new types of security threats and the need for new security practices—for cybersecurity.

“The dramatic increase in broad ransomware attacks such as WannaCry and Petya/NotPetya mean that nobody is immune from attack,” according to Gartner. “Also, the increasing connectedness of digital business ecosystems expands and extends enterprise risks, so while your organization may not be a target, your partners may be.”

While the risks are real, they can be managed. Digital commerce can be conducted securely and safely with the proper vigilance, software solutions and smart cyber practices. The technology is here today to enable teams to work securely from anywhere at any time, but their organizations must ensure data is shared and received in a secure manner.
 

Crafting a Cybersecurity Strategy

Here are five best practices to help your business cultivate a corporate culture that values cybersecurity and keeps your valuable resources safe.
 

#1 – Build a Culture Prioritizing Cybersecurity

As with any other mission-critical corporate function, cybersecurity deserves serious C-suite support. If company leaders do not understand or appreciate the importance of securing digital assets and processes, then they might not allocate appropriate resources to cybersecurity. Their mindset could waterfall to staff and suppliers, leaving the company unsuspecting and vulnerable. Cybersecurity must be driven by upper management.

“We know it’s the culture, values, attitudes and beliefs of the organization that drive the behaviors,” said Keri Pearlson, executive director, Cybersecurity at MIT Sloan, in a VentureBeat article. “If you think cybersecurity is important, then you’re more likely to take cyber secure options. If your manager takes time to share the latest breaches they saw or heard about or fake websites, it’s going to raise not only your awareness but the priority and importance of that kind of topic in your mind.”
 

#2 – Educate Your Team

Proactively arm your organization against cyber threats to stay a step ahead of cybercriminals and hackers. Education is crucial to empower team members to protect their personal data and your business information, capital and digital assets. Offer security awareness training on an ongoing basis.

It’s particularly important to educate associates about phishing attacks. With this cyber threat, a cybercriminal sends a spoofed email, masquerading as a company leader. They try to trick the email recipient into revealing information, routing money or clicking a link that infects the company’s computer systems. Usually employees who fall prey to these attacks are trying to be helpful and think they are accommodating a request from their boss, but their boss never asked for that help. It was a cybercriminal.

With regular cybersecurity training and implementation of secure processes, team members know to be on their guard, and companies protect their assets.
 

#3 – Secure and Audit Your Ecosystem — Continuously

The best defense is a good offense. A good security posture includes appropriate controls to detect, identify, isolate and remediate security issues in real time.

Conduct a risk assessment of your corporate ecosystem to evaluate internal and external processes, systems and security controls. If one vendor has a poor security posture, that vendor might unknowingly allow access into your ecosystem.

Certifications and standards compliance matter. Ask to see your technology partners’ and vendors’ audit reports and compliance documentation. CGS, for example, is compliant with the Payment Card Industry Data Security Standard (PCI DSS) and has achieved Type 2 System and Organization Controls (SOC) certification. “[SOC 2] is designed to test and provide a report surrounding an organization’s internal security controls. Once obtained, a SOC 2 report can be provided to potential clients, partners and other third parties as proof of a robust security program,” said a recent LinkedIn article by a Microsoft digital security consultant. “A Type 2 report is the gold standard for SOC 2 security assessments and validation.”

Smart fashion and consumer goods businesses prioritize cybersecurity in selecting and auditing both technology providers and supply chain production partners and suppliers. This includes evaluating shop-floor wireless access point security and cybersecurity of solutions, processes and people servicing suppliers’ technology stacks.

Like cybersecurity training for your team, digital security audits and upgrades should receive consistent attention to keep defenses strong. It has to be an ongoing effort, not a one-time shot.
 

#4 – Back Up Your Data

Data backups are an important defense against ransomware attacks, in which cybercriminals infect files and block businesses from their own information. “The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive,” said McAfee, a leading security software provider. “This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. This protects your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but it can mitigate the risks.”

When it comes to your enterprise solutions, look for a technology provider who leverages best-in-class anti-ransomware technology. For example, CGS partners with Veeam to ensure customers always have backups for rapid, reliable data recovery.
 

#5 – Hire a CISO or Consult a Virtual CISO

The chief information security officer (CISO) is an important leadership position for retail, fashion and consumer goods companies. Organizations can hire their own CISO or contract for CISO services, referred to as virtual or fractional CISOs. CISOs “oversee strategic, operational and budgetary aspects of data management and protection,” according to CyberDegrees. “These professionals work closely with fellow executives to develop information security policies and procedures.”

Regardless of their size and business model, companies need someone minding the farm when it comes to cybersecurity. Gartner identified four misconceptions about the need for a CISO:

  • “We are not regulated, so we don’t need a CISO.”
  • “We are small; we are not a target.”
  • “We don’t have anything anybody would want.”
  • “We can’t afford to hire a CISO, so we’ll put the engineer (or architect or administrator or systems administrator) in charge of security.”

Gartner sees flaws and risks in each statement. For example, are you sure you “don’t have anything anybody would want”? “This outlook may be accurate if you have no customers, no employees, no intellectual property, no business processes, and no shareholders or stakeholders — but that would also mean that you don't have a business,” Gartner said.

“For organizations that need [cybersecurity leadership] but are not in a position to bring in a full-time and often very costly qualified CISO, the virtual CISO — a combination of staff augmentation, consultant, advisor and strategist — might be an option,” said Jeffrey Wheatman, vice president, Gartner Advisory.

Do you want to learn more about cybersecurity best practices? Contact CGS today and ask how CGS BlueCherry® delivers best-in-class solutions securely, efficiently and cost effectively.

 
