By: Katie Wilson, Marketing Director, Clone Systems
In March, the SEC announced 28 new cyber security regulations and the PCI standards council announced new regulations for penetration testing. As hackers increase the breadth and depth of their attacks on company networks, companies are going to find they have to comply with more and more regulations. But how can companies keep up with these ever-changing standards and what can they do to ensure they maintain compliance and stay secure?
Most companies can benefit from making PCI or other scanning and reporting services part of a defined process. Many security companies already offer scanning as a service, so you don’t have to do it all in-house. These companies can provide auditor-approved reports and can also tell you where your network and data are vulnerable so you can apply patches as necessary. Simply making scanning an automatic, recurring process can save you a lot of time and hassle in the long run. If the process is automatic and repeatable, your company will significantly reduce its chances of falling out of compliance. Most scanning vendors will have PCI certification as well, so you won’t have to worry about keeping up with PCI’s changing standards.
Incident Response Plan
Attacks are not 100% preventable. There are plenty of things you should do to protect your customers, but you must also be prepared for hackers to break through your defenses. If this happens (and it will), you need an incident response plan. An incident response plan will include:
While regulations continue to expand, hackers are getting better at finding weaknesses, which means even if you meet every security regulation, you might still get hacked. Having an incident response plan in place can ensure hackers are stopped before they get too much data and that you can respond appropriately to the attack.
99% of attacks are discovered by experts outside of your organization. Utilizing a third party to handle your security can enhance your overall posture and also help ensure you are keeping up with new and increasing regulations. Third parties will keep up with changing regulations so you can focus on tasks that are important to your bottom line.
Implementing an automatic scanning process, having an incident response plan, and utilizing outside experts can help keep your network secure even as regulations change.