At Coro, cybersecurity is our highest priority.
Cybercrime constantly threatens our everyday lives, from our jobs and privacy to our healthcare. And while cyberdefense measures are continually evolving, so are the cyberthreats.
MGM Resorts, Altice USA, Pabbly, and Estee Lauder are just a few of the companies that experienced major cybersecurity breaches in 2020. In March 2020, an unidentified database exposed the personal details of over 200 million Americans, with more than 800 gigabytes of data showing their credit ratings, addresses, contact numbers, and even personal interests.
You and I may well have had our personal data stolen in a mass cyberattack. Just about everything we do involves the internet. So we all need to be aware of the risks posed by cybercrime if we’re going to be responsible about how we use technology.
These are 3 basic things everyone should know about cybersecurity:
1) The biggest challenge to the future of IT is cybersecurity
Information Technology (IT) and the Internet of Things (IoT) are about how people communicate with machines, how people communicate with one another through machines, and how machines communicate with one another. There are inherent risks associated with machine communication; 70% of our most commonly used devices contain security vulnerabilities, according to Ernst & Young Global.
2) The largest problem is humans using these machines
People rely heavily on computers, cell phones, software, networks, etc. Often we use them to share critical information. But human error can open us up to cyberthreats.
For example, a government employee may leave their laptop with classified information exposed in public. An employee may use public Wi-Fi to check their work email or have a weak password for their account login. An executive might click a malicious link in an email that looks like it was sent from a coworker. Those are unintentionally careless scenarios. However, targeted threats such as shoulder surfing, phishing, and card skimming are malicious attacks that prey on users who are vulnerable or careless.
3) These are the biggest cybersecurity risks right now
Some of the biggest cybersecurity challenges we have to be mindful of involve social engineering, supply chains, and mobile authentication:
Social Engineering – Cybercriminals use AI to scan social media accounts of staff members who may inadvertently post sensitive company information. It’s important to warn employees against posting anything sensitive on social media that could be used in scamming or phishing attacks.
Supply Chains – Your organization might have top cybersecurity measures, but what about the vendors you work with? Many organizations are falling victim to cyberattacks targeting less secure elements within their supply chain. It’s important that your vendors also have their own SOC certification. At a minimum, you must ensure that all your vendors operate their IT and data security in a way that is SOC compliant.
Identity & Mobile Authentication – We are all connected to the internet across multiple devices. Because our personal information is more frequently stored on the cloud, a strong password may not be sufficient. Continue using strong passwords, but also limit your use of free/public Wi-Fi networks and be mindful of the information you expose on these networks. Multi-factor authentication is hugely important in adding extra layers of protection to your personal accounts. This system uses two or more factors to log in: a password, a security token, and/or biometrics.
At Coro, we have zeroed in on our cybersecurity threats and challenges from day one. Our entire business strategy and IT infrastructure have been built on a robust cybersecurity foundation.
What are the best practices to stay safe?
Companies must remain vigilant about cybersecurity and work to ensure that they and their employees are compliant with best-use practices. Cybersecurity must be part of the underlying technology architecture, so it needs to be baked in from day one as well as be implemented from the top down. Chief Information Security Officers (CISOs) hold critical positions. Companies are seeing them less as tech advisors on the sidelines and more as essential components in building their business strategy, compliance, risk assessment, and cybersecurity continuity.
Another crucial practice is SOC 2 compliance. SOC is an independent, third-party auditing system that was developed by the American Institute of Certified Public Accountants (AICPA). SOC is based on the principles of security, availability, processing integrity, confidentiality, and privacy.
In 2014, the AICPA established the higher SOC 2 certification standard. It’s specifically designed for service providers storing customer data in the cloud – so almost every SaaS company, and companies using the cloud to store customer information. Today, these businesses have to meet SOC 2 requirements to minimize risk and exposure for that data. SOC 2 requires companies to establish and follow strict information security policies and procedures that are in line with the unique parameters of today’s cloud requirements (which cover things like availability, integrity, and confidentiality of customer data). As companies increasingly use the cloud to store data, SOC 2 compliance is becoming a necessity for a wide variety of organizations.
Security is Coro’s top priority!
Rest assured: at Coro, we completed our SOC 2 audit and received our certifications in 2019.
We are acutely aware of how intrinsic cybersecurity must be at every level of our company, from employee training to the role of our CISO and the approach of all our executives.
Having achieved our SOC 2 Type I Certification in 2019, we are working on obtaining our Type II Certification in 2020 – the most coveted and hardest-to-maintain information security certification. This validates Coro’s adherence to security measures and guidelines at every level of our organization.