In my last blog, I interviewed our Security and Compliance Director, Ed Higgins. These are the three main takeaways from our discussion on protecting your organization from cyber security threats.
1. Software is not perfect
It doesn’t matter how long a version of software has been on the market, or how many engineers designed, developed, and tested it: software is not perfect. The one thing we can count on in the technology industry is that our platform will change, and because of that, software cannot anticipate every possible development in the future. Therein lies the risk.
2. Educate yourself and your employees about cyber security threats
At Catapult we are required to complete periodic InfoSec Awareness training as a part of our ISO 97001 compliance. I would have expected the information shared to be basic and to cover topics I already knew. I was wrong. The hard part about keeping your organization secure against cyber security threats is that you must anticipate all the sneaky, low-down, backstabbing, dishonest ways a bad guy might think of getting valuable information from your company. Fortunately, we don’t all have that mindset, but with that said, it is important to educate yourself and your employees to protect your business assets.
3. Understand your agreements
If you are leveraging third-party software, you need to understand your agreements to make sure your data is secure. An important part of that security is that your vendor is applying the latest security patches and working with current versions of the underlying software, including the database system, to keep on top of cyber security threats that might come up. Your agreement should outline how the vendor is protecting you and your corporate assets while hosting your confidential data. Vendors should always upgrade and update to the latest platform. If the vendor’s environment is compromised, that vulnerability will be exposed to the customer as well. Customers should ensure their vendors always maintain a robust, secure environment.
There are plenty of articles on how to upgrade, migrate, and extend security support for SQL Server 2008\R2 (see links below), and Catapult can assist with those methods. However, my goal is to not let us become complacent just because nothing has happened YET. Ask any organization that has been breached whether it would have been worth the time and money to protect their servers well ahead of a vulnerability.
Be vigilant, my friends!