By: Katie Wilson, Marketing Director, Clone Systems

In March, the SEC announced 28 new cybersecurity regulations and the PCI Standards Council announced new requirements for penetration testing. As hackers increase the breadth and depth of their attacks on company networks, companies will find that they have to comply with more and more regulations. But how can companies keep up with these ever-changing standards, and what can they do to ensure they maintain compliance and stay secure?

Scanning Process

Most companies can benefit from making PCI or other scanning and reporting services part of a defined process. Many security companies already offer scanning as a service, so you don’t have to do it all in-house. These companies can provide auditor-approved reports and can also tell you where your network and data are vulnerable so you can patch as necessary. Simply making scanning an automatic, recurring process can save you a lot of time and hassle in the long run. If the process is automatic and repeatable, your company will significantly reduce its chances of falling out of compliance. Most scanning vendors will hold PCI certification as well, so you won’t have to worry about keeping up with PCI’s changing standards yourself.

Incident Response Plan

Attacks are not 100% preventable. There are many things you should do to protect your customers, but you must also be prepared for hackers to break through your defenses. If this happens (and it will), you need an incident response plan. An incident response plan will include:

  • Emergency contacts for the experts who can stop the attack.
  • Experts on staff (or through a vendor) who can disrupt the hacker’s kill chain. Your security team must be able to stop the attack before it gets any more data from your network.
  • A customer support and dialogue process. If you are attacked, you must let customers know and you must help them recover whatever data was lost. You must keep customers informed both so they continue to trust you and so they know what to do with their information to keep it safe.
  • Patching what was hacked and analyzing how the hacker got in. From there, you need to not only patch what was broken, but also harden your environment so the same kind of attack can’t succeed again.

While regulations continue to expand, hackers are getting better at finding weaknesses, which means even if you meet every security regulation, you might still get hacked. Having an incident response plan in place can ensure hackers are stopped before they get too much data and that you can respond appropriately to the attack.

Outside Experts

99% of attacks are discovered by experts outside of your organization. Using a third party to handle your security can enhance your overall posture and also help ensure you are keeping up with new and increasing regulations. Third parties will keep up with changing regulations so you can focus on tasks that are important to your bottom line.

Implementing an automatic scanning process, having an incident response plan, and utilizing outside experts can help keep your network secure even as regulations change.