Friday, Sep 4, 2020
BY: Team Nuspire
Cyberattackers follow the news, looking for opportunities. Organizations about to go public—and those that recently completed IPOs—call attention to themselves through media announcements and investment community buzz. As a result, these companies may be targeted for their intellectual property, financials and other “crown jewels.”
A breach or data leak is the last thing you want to have right before or right after an IPO – a critical time when your brand needs to be perceived as positively as possible. The right cybersecurity plan helps protect your brand because it puts controls in place to safeguard your business, prevent breaches and, just as important, recover quickly should there be an incident.
It’s best to tailor a cybersecurity strategy and program to your needs and environment, but certain best practices are recommended for pre- and post-IPO companies. Be proactive about managing cybersecurity risk, and you’ll send a positive message to investors, board members and other stakeholders.
A top priority is implementing data loss prevention (DLP), a cybersecurity control for sensitive information that provides monitoring, detection and blocking capabilities for data that is in use, in motion and at rest.
DLP is sometimes overlooked because organizations tend to focus on endpoint protection and firewalls — also essential controls. And make sure your firewall is a next-generation firewall (NGFW) that protects against advanced threats like phishing and ransomware.
Phishing attempts cause 22% of breaches and ransomware attacks are linked to 27% of malware incidents.
At Nuspire, we also encourage you to:
- Implement an intrusion prevention system (IPS) that finds and stops exploits in network traffic.
- Use a web application firewall to filter, monitor and block HTTP traffic to and from web applications.
- Practice good network cyber hygiene by implementing segmentation and applying the principle of least privilege.
- Take advantage of cloud security monitoring tools.
- Provide cybersecurity awareness training to employees so they know what to do and what not to do online.
- Give your IT team advance notice and a preliminary timeline of IPO-related media and events. They can keep a closer eye than usual on logs and watch for unusual activity.
- Have redundancy and availability plans in place so your business can keep functioning should a disruption occur.
While cybersecurity frameworks used to be recommended mostly for larger organizations or those with mature cybersecurity programs, this thinking has changed. A good one to start with is the National Institute of Standards and Technology (NIST) Cybersecurity Framework. According to industry analyst firm IDC, the NIST framework is readily applicable to a well-defined cyber-resiliency program. The framework provides guidance for each step of cybersecurity planning: identify, protect, detect, respond and recover.
Think in terms of layers of defense as the most effective way to preserve your good name and reputation. Layers make it as difficult as possible for cyberattackers to reach your most valuable data.
If you need help prioritizing next steps, consider a cybersecurity assessment, including a remote breach assessment, to identify strengths and opportunities for improvement.
Sources: Verizon, Data Breach Investigations Report, 2020 and IDC Perspective, Cyber-Resilience, June 2019.