With any luck, 2016 will go down as one of the worst years in history for cyber security, and things will only improve from here. After all, 2016 was the year of the largest data breach of all time from a single source, the Cold War Part II in cyber form, and the year that “half the internet shut down” due to a cyber attack.
Time for a breather, right?
Unfortunately, by most estimates, cyber crime continues to be a booming business.
Here are some key cyber regulations on the horizon for 2017, which may help stop catastrophic hacks.
The Year of Employee Education
It only takes one employee misstep to lead to a catastrophic event in a company; too many organizations have learned this fact the hard way. The wrong click on an email attachment, the failure to recognize a false login page, or hastily, perhaps unwittingly, setting up a device with default system administration or user identification can deal a devastating blow to a company.
While certain organizations are targeted more frequently than others, such as banks and healthcare providers, no business is exempt.
Organizations that fail to make cybersecurity a priority in 2017 will be the ones that continue to face ransomware, suffer stolen data and lose money to corporate espionage.
The first regulation to set for 2017 is therefore internal policy. Employee education about basic cyber security measures should no longer be viewed as “extra” or “optional.” Required training can save money or even a business. Tougher third-party requirements, when sharing data with outside vendors, will also be necessary.
For highly targeted businesses, external network access, such as internet access, could even be viewed as a privilege earned, not a right automatically given. Only employees who wear personal protective equipment (PPE) are allowed in a hard hat area, and only employees who practice safe cyber activity should be permitted online.
The Year of Two-Step Verification
For organizations seeking to be proactive about cyber security, 2017 will be the year of two-step verification systems. No single key opens a nuclear power reactor, and no single user password should grant blanket access to all data, not for a single tech admin or a single exec.
Email two-step verification systems are also proving more effective in workplaces that implement them.
In an era where hackers consider leaking incriminating information a worthwhile endeavor, every individual should also be careful with what is put in writing, particularly in electronic writing.
The Year of the Smart Chip
EMV cards have made their way into only about 60% of wallets, and only about 20% of vendors have set up EMV readers. EMV stands for Europay, MasterCard and Visa, and supporters tout improved standards, such as unique transaction codes generated for each purchase.
Not everyone is a fan of chip cards: transactions take longer, and the cards may not improve transaction security to any measurable extent.
Still, the conversation has started and smart chips are the tool currently leading the way to safer digital trade.
The Year of the Ransomware Solution
No business would consider operating without antivirus software and a firewall, and 2017 will likely be the year of ransomware protection. Many internet security companies offer third-party protection and threat mitigation services.
The most basic solution is simply more frequent back-ups. How much would it cost your business to lose a day’s worth of activity? An hour? A minute? Could you recreate the entire day’s activity from paper back-up? The hours? The minutes?
These questions should lead to the answer of how often you would need to run a back-up on a given activity, which you could roll back to in the event of a ransomware attack.
If you do not have sufficient paper trails, it may be time to take another look at how you do old-school work. Just as some Americans choose to pay by cash to avoid the risk of credit card fraud, some businesses are returning to written correspondence, paper accounting, and even fax communications for certain types of activity.
The Year of the Federal Restructure
Most of these policy decisions are on a small scale, but for cyber regulation in 2017 to make an impact on the larger cyberverse, we desperately need a federal restructure.
The United States President has called for a national cybersecurity action plan and various tech minds have requested a federal cyber defense restructuring, but we have yet to see widespread implementation of a federal cyber plan on a scale with that of rival nations such as Russia and North Korea.
The United States has led the way in innovation in areas as wide-ranging as the motion picture industry and space travel; similar leadership is needed with regard to a cyber Geneva Convention: coordinated regulations for international cyber activity, as well as the ability to enforce cyber laws across borders.
Would all of these regulations stop catastrophic hacks? No. Just as bank guards haven’t stopped all armed robbery, such regulations mostly mitigate threats and deter the amateur.
Still, you can at least prevent a cyber event in your own business