BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Eight Proven Strategies To Deal With Cybercrime

Forbes Technology Council
POST WRITTEN BY
Forbes Technology Council

Security can no longer be an afterthought when building your company's online presence. Technology executives need to focus on cybersecurity as a core feature; in short, they must build systems now to detect breaches and deal with hacks before they happen.

To help protect your business from cybercrime, a panel of technology executives from Forbes Technology Council weigh in on the strategies they've used to combat potential threats.

Clockwise from top left: Dmitri Alperovitch, Erik Gustavson, Neill Feather, Pete Kistler, Tim Maliyil, Simon Crosby, Russell Greenwald, Ashley Saddul. All photos courtesy of the individual members.

1. Protect Your Most Visible Asset: Your Website

Websites are the most visible and vulnerable part of a company’s infrastructure. As hackers scan the Internet nonstop in search of weaknesses, companies should not overlook this vulnerable entry point in their cybersecurity defense strategy. Products like malware and vulnerability scanners and web-application firewalls can help you guard this important asset that is the face of your brand. – Neill Feather, SiteLock

2. Focus on Effects

Today, it’s clear that organizations can’t prevent 100 percent of intrusions. A sophisticated and determined adversary will eventually get in. This is why companies should focus on detecting the effects (also called indicators of attack) of malware and adversary activity, and not just look out for known bad signatures (known as indicators of compromise). You have to be prepared for the unknown. – Dmitri AlperovitchCrowdStrike

3. Remember That People Are Your Weakest Link

Even the most advanced technology can't prevent a great employee from accidentally opening your doors to cybercrime. Say "Mary" calls her assistant, asking for a server password after hours and he obliges. Their strong, alphanumeric 32-character password is now exposed in a plaintext email. These unintentional slip-ups happen; combat them by reiterating common sense practices to all of your employees. – Pete KistlerBrandYourself.com

4. Isolate Threats to Eliminate Data Breaches

We must adopt technology that is more secure by design. For example, isolating threats by segmenting the enterprise networks makes it harder for malware to penetrate an organization. Virtualization takes this a step further by making applications more resilient to attack. Reducing the attack surface makes the business of defending the enterprise much easier. – Simon CrosbyBromium Inc.

5. Make Sure Security Isn't an Afterthought

Think about security upfront, not as an afterthought -- cybercrime is on the rise and we need to think in terms of creating an immune system to detect and fight off infections rather than the impossible task of blocking 100 percent of attacks. – Erik GustavsonBitium

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

6. Include Information Security Early in Your Product and Service Design

Including data security practices early on in your product design or service process is the prevention that can save you the pain and losses of a data breach. Paying respect to data security guidelines like those imposed on regulated industries such as finance and healthcare can be a starting point for best practices. – Tim MaliyilAlertBoot

7. Keep All Systems Up-to-Date

A breach at the application or system level is the easiest of all hacks. Upgrade or patch up your OS, databases, server-side scripts, CMS, plugins, etc. as soon as an update is available. Don't reinvent the wheel -- applications should make use of a framework that gives you adequate protection out of the box. You should always plan for these maintenance projects, and have a dedicated team for them. – Ashley SaddulRecruiter.com

8. Have Internal Audits

Most companies wait until they are more mature to engage in SOC 2 or SSAE 16 audits. At that point, they are typically far behind where they should be. From initiation, have proper protocol and procedures in mind. Even if you are too small to have separation of duties, remember that you will once you hit a certain size. – Russell GreenwaldInsource Services, Inc.