SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Cybersecurity best practice for 2021: What does it look like?
Fri, 29th Jan 2021

There are new best practices for both enterprises and consumers to help keep data protection top of mind for 2021, according to Yoji Watanabe, president and chief executive of Cybersecurity Cloud (CSC).

Experts are predicting that there will be an increase in cybersecurity attacks in 2021 as hackers continue to exploit remote workforces, and human-operated ransomware causes more damage. In fact, experts forecast cybercrime will cost the world more than $6 trillion in 2021.

According to Watanabe, for an enterprise to follow best practice, they should classify data and its protection requirements, and implement adequate controls to protect against data breaches that can not only lead to financial loss but a loss in customer trust and brand reputation.

"Follow security measures to keep individuals' personal information safe from inappropriate and unauthorised access and ensure the minimum level of access to perform required functions," he says.

Businesses should keep an accurate inventory of their hardware and software and keep everything up to date.

"Old, unsupported software that has not been patched can open up vulnerabilities to employees and to the entire company, a situation that can give cybersecurity teams nightmares," says Watanabe.

"Make sure you are staying compliant with all national, regional and industry privacy laws and regulations that apply to your business," he adds.

"GDPR, CCPA/CPRA, and other data privacy and protection regulations have started to really take hold and we can expect to see continued adoption of regulations that meet the gold standard of GDPR across the globe and increased enforcement and fines."

Watanabe says it is important businesses be aware of flaws in their security measures, including Virtual Private Network (VPN) connections.

"VPNs are dedicated network systems that install a dedicated router, set up a virtual dedicated line on the internet and are used as a means of securely connecting to corporate networks from outside the company," he explains.

"But there are more and more cases of VPN vulnerabilities being exploited by hackers," says Watanabe, "including VPN passwords being used by third parties."

Watanabe recommends businesses consider setting up a cloud-based Web Application Firewall (WAF), a next-generation firewall that is essential for security measures.

"Ransomware attacks, phishing, credential stuffing and clickjacking are all security issues that WAFs aim to prevent and protect against," he says.

"WAFs are becoming an increasingly integral part of IT security as a way to protect business networks against malicious third-party attacks like Distributed Denial of Service (DDoS) attacks to direct hacking activity, to malware infiltration and exfiltration.

"Using a purpose-built tool like CSC's WafCharm helps enterprises maximise WAFs' security features in a hassle-free way."

Watanabe says businesses must be transparent about how they collect, use and share consumer personal information.

"Communicate clearly and concisely to the public what privacy means to your organisation and the steps you take to achieve and maintain privacy," he says.

For consumers to follow best practice, Watanabe says people should be wary about using free Wi-Fi.

"Many people connect to free Wi-Fi on the go, but that is a system that is easy to snoop on in the first place," says Watanabe.

"If a hacker finds an access point name that resembles a cafe or an airport, and you inadvertently use it, you end up sending your information to the hacker instead of talking directly to the hotspot," he says.

"The hacker also has access to every piece of information you send out: emails, phone numbers, credit card information and business data.

"Today's Wi-Fi encryption standards are flawed, and there is a possibility that anyone near you could easily access your information if you use a Wi-Fi network."

Watanabe says consumers need to employ basic risk prevention measures that include creating a strong, uncrackable password.

"Cybercriminals have several password-hacking tactics at their disposal, but the easiest one is simply to buy your passwords off the dark web," he says.

"If you've been using the same password for many years, there is a good chance that it's been compromised.

"Never use sequential numbers or letters or use personal information such as your name or date of birth. Make it long, use a mix of characters, use different passwords for different logins and update your passwords regularly."

Finally, Watanabe says consumers should make informed decisions about how they share personal information with organisations by considering the amount of personal information they are asking for and weighing it against the benefits they may receive in return.

"This includes being thoughtful about what you share with the apps on your computer or mobile device including your geographic location, contacts list and photo album," he says.

"Delete unused apps and keep others secure by performing updates."