Lessons Learned From a Major Security Breach

 
 
By Karen A. Frenkel  |  Posted 03-10-2016

  • Lessons Learned From a Major Security Breach

    The high-profile breach of a major financial firm is a harsh reminder for all businesses to re-evaluate cyber-security protocols and cyber-risk strategies.
  • Install Proper Network Security

    Hackers are thought to have gained access to J.P. Morgan employee login information and used their credentials to capture customers' email addresses, home addresses and telephone numbers. Suggestion: Install double authentication systems.
  • Any Information Can Be Valuable in the Wrong Hands

    J.P. Morgan's case proves that information with limited monetary worth can still be valuable in the wrong hands. Prioritize what electronic data is critical to your day-to-day operations and what therefore requires the most stringent controls.
  • Don't Wait for Telltale Signs

    Take a proactive approach to addressing potential points of entry. Cyber-criminals are becoming more adept at slipping into data networks undetected, so don't assume your data is secure or uncompromised.
  • Information and Communications

    A breach rarely occurs because of a single incident, so you must be able to collect and analyze meaningful information about your cyber-security. A system that aggregates data from different sources can identify patterns that indicate whether you are facing a breach.
  • Monitor Cyber-Risk Activities

    As risk environments evolve, so too should your cyber-risk strategy. Regularly monitor your strategy's effectiveness and that of third parties that administer your IT security. Present findings to key stakeholders for consideration.
  • Train Employees and Security Principles

    Employees can be either an asset or a liability when it comes to cyber-security. Conduct social engineering or facility breach exercises to evaluate how susceptible your employees are to phishing schemes or other cyber-attacks.
  • Understand the Value of What's at Risk

    Know what assets are most valuable to your business and to others. Know where they are supposed to reside, where they actually do reside, who touches them and how access is managed.
  • Be Proactive in Protecting Your Business

    At minimum, accept that your security will be compromised. Be prepared to respond and get the basics right. Diligence can save you the embarrassment and financial impact of a major breach, so take proactive steps in anticipation of attacks.
  • Be Prepared to Respond

    Organizations that have developed incident response capabilities tend to recover faster and with less damage to their business and reputation than those that wait until an incident occurs to develop their cyber-security strategy.
  • The Best Defense Is a Good Offense

    Having a proactive, robust plan helps minimize potential damage from a breach and can get an organization back on track faster in the wake of a disruptive event. If your resources are limited, hire a third party to supplement your information security capabilities. Don't go it alone.
 

During the last two years, Target, Home Depot, Sony and J.P. Morgan have been the victims of major data breaches. The J.P. Morgan case in 2015 is notable because the information compromised did not relate merely to personal information typically used for identity theft, like customers' Social Security numbers or credit card information. Rather, hackers used the email addresses they collected to solicit J.P. Morgan customers to purchase penny stocks.

These high-profile crimes are reminders for all organizations to re-evaluate their cyber-security protocols and carefully monitor and evaluate their cyber-risk strategies. Christopher Roach, managing director and national IT leader of CBIZ Risk and Advisory Services, said, "Periodic cyber-risk assessments should be part of your monitoring activities so that you can see how your systems are holding up to internal and external risks in your operating environment." One recommendation: "Plan changes, such as adding a new third-party service provider or moving office locations, are also good times to revisit and update your cyber-risk strategy."

Here are 10 key lessons to learn from J.P. Morgan's missteps.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
