Earlier this month, on Oct. 19, The Wall Street Journal carried a shocking headline: “CIA Director’s Personal Email Allegedly Hacked.” Ironically, the news is not so shocking to cyber security experts, who know that data breaches are a severe and growing nemesis. Skillful hackers, working individually, in groups collaborating on the “dark web,” or as organized cells with full support from their governments, crack into America’s most secure personal, corporate and government databases and systems to steal everything from personal information to corporate, business and government secrets, as Sony, Target and Home Depot learned the hard way. This can impact your corporate giving and CSR programs during the holiday season. Here’s how to avoid it:
Securing Internal Networks is Simply Not Enough
So how do these hackers typically worm in? By looking for and exploiting the weakest defenses, as the CIA hacker did: gaining information the old-fashioned way, through social engineering, by assuming a false identity, making a few telephone calls, and then using what was learned to get in.
While companies spend millions of dollars securing their vital data centers and network routes, they often neglect outliers such as less secure (read “ignored”) remote offices that can still access central systems. Hackers are well aware of this “IT priorities” mindset, which focuses on the core and less on the rest, and they exploit corporate networks with glee, often coming in through a side door and lurking in the shadows, completely unnoticed and triggering no alarms.
And with the rise of cloud computing, network-connected mobile devices and apps, and the third-party software that we all rely on for personal and business operations, merely securing your company’s internal networks does not guarantee protection. It is therefore imperative that corporations be extremely diligent about building the highest levels of cyber security into every point of network access.
At CyberGrants, we work hard to ensure the highest levels of data security in our programs, so you can rest assured your employee and corporate data is safe and sound.
Implement the Highest Security Standards
Here’s something else to consider. In this collaborative economy, companies routinely rely on best-in-class experts to implement and administer specialized, non-core functions, and in doing so they share confidential data ranging from intellectual property to human resources records (employee profiles, salaries, direct deposit details, etc.).
For example, corporations often outsource corporate philanthropy programs to third-party CSR specialist firms whose web-based platforms let corporate employees track volunteering and workplace giving programs, make donations through paycheck deductions or credit card accounts, and so on. To facilitate this, corporations give their partners up-to-date HR data and single sign-on (SSO) tokens for authentication, but no data flows back to the corporation. This lulls them into thinking all their data is secure, even though it now resides on third-party platforms outside their own defenses.
But herein lies a significant potential weakness: if your partner’s IT systems do not implement the industry’s highest security standards, your sensitive data bears a high risk of being hacked. Companies can thus indirectly fall victim and have sensitive data stolen if their partner’s defenses are weak.
Protect Every Point of Entry
The good news, the silver lining, if you will, of the several high-profile corporate hack attacks over the past year, is that IT security teams now understand that they have to secure every possible point of access, within and outside the company’s network boundaries. They are stepping up their efforts to make sure that third-party apps and programs, such as corporate philanthropy and workplace giving platforms, implement the security industry’s highest standards for network security and data protection, and have a history of zero tolerance for practices that could put sensitive data at risk.
Must-Have Security Protocols
In addition to internal protections, companies must look for the following key cyber security attributes in partner solutions:
- Strong encryption of all sensitive data, both at rest in a database and in transit when it is being accessed and viewed
- SSAE 16 audit of controls
- PCI Certificate of Compliance (so that sensitive payment information is secure)
- Continuous monitoring and intrusion detection
- Regular internal and external vulnerability assessments and penetration testing performed by leading third-party organizations, with documented methods of remediation and proactive improvements
- Multi-factor authentication and authorization for any partner employee accessing the systems
- HR standards requiring every employee, consultant or contractor of a partner organization to undergo background checks and to attend mandatory security and data privacy training regularly
- If individuals access the system from within the European Union, the current standard is compliance with the Department of Commerce’s Safe Harbor provisions, together with proactive preparation for the changes to this framework that the EU is implementing in 2016
Corporate Cybercrimes Carry an Average Yearly Price Tag of $15.4 Million per Company
Even routine hacks steal billions in research and development, trade secrets, consumer data, corporate dirty laundry (think Sony), and more. As an article in CNN Money reports, cybercrime costs the average U.S. firm $15.4 million every year, double the global average of $7.7 million per company, so corporations in the U.S. are clearly juicier targets for hackers than corporations abroad, with the financial and energy sectors typically targeted the most. And the cost of dealing with the aftermath of a cyberattack can run into tens or even hundreds of millions. It therefore makes better business and financial sense to close your internal and external security loopholes at each and every touchpoint and data repository, without exception, even if you have to pay a slight premium to partner with a company that goes the extra mile to keep your data as secure as technologically possible.
Reduce Risk and Potentially Save Millions with the Right Partner
So go ahead and implement programs such as employee volunteering and workplace giving that leverage best-of-breed partners. These programs are proven to have a strong positive impact on your business brand and do wonders for employee engagement in a cost-effective manner. But protect yourself by engaging only with providers that adhere to the industry’s highest and most comprehensive security standards, so you can advance your corporation’s business goals and make the world a better place through well-intentioned corporate philanthropy, without having to worry about becoming the next target!