Cybersecurity
Cybersecurity should be a significant consideration as your organization develops a digital transformation strategy.
Data that’s held on your network or in the cloud, such as intellectual property (IP), financial data, employee information, clinical trial information, and research results, is enticing to bad actors and is at risk. Through a variety of strategies, such as phishing, ransomware, and social engineering, bad actors can try to find and exploit vulnerabilities.
If you can apply practical security through these basic hygiene measures, then you can remove some of those opportunities and decrease the risk of an attacker infiltrating your network.
Below are eight areas to focus on to lower the risk of a cyberattack and reduce data loss.
Security awareness training
There are reasonable, robust, and readily available ways to train and test employees with realistic, orchestrated phishing and social engineering campaigns — two common methods bad actors use to gain access to a network.
Train employees to inspect URLs before clicking on any links or images in their emails and conduct regular tests to help employees become familiar with phishing emails and malicious links.
Identity and access management
There are several principles that are very important from a security perspective around identity and access management.
- Least privilege. Give administrative access to only those who need it to perform their job.
- Segregation of duties. One person shouldn’t complete an entire process from start to finish without oversight.
- Reviews. Review user accounts for unknown users or suspicious user activity.
- Privileged access management. Establish controls so that administrative accounts are only used when necessary.
- Robust authentication methods. Create complex passwords or utilize multifactor authentication to boost security and prevent attacks.
Device and software inventory
Maintaining accurate inventory of all software and hardware is a foundational and critical part of a cybersecurity program. It’s important that inventory records of approved hardware and software are accurate so that accepted controls can be implemented to protect hardware and software from threats.
Maintaining inventories can be done manually with spreadsheets, passively with a device or software that listens to network traffic, or actively, with software that’s constantly scanning the network for active devices.
Implementing some type of inventory process enables faster remediation. If something happens, it’s easier to remedy the issue if there’s an accurate inventory list to determine which devices are the problem.
Accurate inventories also simplify the decommission process. Attackers look for outdated, vulnerable servers and software. An inventory can make it easier to assess devices and determine what needs to be updated or decommissioned.
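The reconciliation described above, as an added example that is not part of the original article: it compares an approved inventory with the hosts an active scan reported and lists unapproved devices, approved devices that were not seen, and devices running software past its support date. The CSV columns, host names, addresses and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: the approved inventory (as kept in a spreadsheet)
# and the hosts an active network scan reported. All values are made up.
APPROVED_CSV = """mac,hostname,owner,os,os_support_ends
00:11:22:33:44:01,lab-ws-01,research,ExampleOS 12,2031-10-14
00:11:22:33:44:02,fin-db-01,finance,ExampleOS 8,2023-10-10
00:11:22:33:44:03,hr-laptop-07,hr,ExampleOS 11,2026-09-30
"""
SCAN_CSV = """mac,ip
00:11:22:33:44:01,10.0.0.11
00:11:22:33:44:02,10.0.0.12
AA:BB:CC:DD:EE:FF,10.0.0.99
"""

def load(text):
    """Parse CSV text into a dict keyed by lower-cased MAC address."""
    return {row["mac"].lower(): row for row in csv.DictReader(io.StringIO(text))}

def reconcile(approved_csv, scan_csv, today):
    """Compare the approved inventory with scan results as of `today`."""
    approved, seen = load(approved_csv), load(scan_csv)
    return {
        # On the network but never approved: investigate first.
        "unapproved": sorted(seen[m]["ip"] for m in seen.keys() - approved.keys()),
        # Approved but not seen by the scan: offline, moved or lost.
        "not_seen": sorted(approved[m]["hostname"] for m in approved.keys() - seen.keys()),
        # Still online with software past its support date: update or decommission.
        "past_support": sorted(
            approved[m]["hostname"]
            for m in approved.keys() & seen.keys()
            if date.fromisoformat(approved[m]["os_support_ends"]) < today
        ),
    }

if __name__ == "__main__":
    for finding, items in reconcile(APPROVED_CSV, SCAN_CSV, date(2025, 1, 1)).items():
        print(f"{finding}: {items}")
```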
Vulnerability management
A vulnerability management program can be multipronged. Two important aspects are patching and antivirus.
- Patching. When a software bug is found, developers, testing teams, and security researchers will issue a patch, which is a piece of software that remedies that bug and fixes it with new code.
- Antivirus. When vulnerabilities within software programs are found, attackers could write a program, or virus, to leverage those vulnerabilities.
Auditing and logging
Logging software activity can happen at the user level — each action a user takes — and the application level — the number of connections, memory spikes, or high CPU usage indicating malicious activity.
Benefits of creating an auditing and logging process include finding inefficiencies, identifying attackers, and increasing visibility.
Data encryption
For life sciences companies, one of the biggest business assets may be your data. Determine what data is the most sensitive and what data is the most highly valued.
The value and sensitivity of your data will help determine what protections you put in place, such as how you access it, who uses it, and its availability.
Encryption
For data in storage or in transit, there should be a level of encryption for these environments. Encrypting data stores and data transmissions could prevent you from having to pay regulatory fines should you be attacked.
To protect data, look at your firewall settings, make sure you're using the most up-to-date Transport Layer Security (TLS), and implement a file integrity monitoring system.
Data back-ups
Data that’s backed up should have the same level of security, or more, as data in the production environment. Production data and data backups should both be encrypted with strong encryption keys.
Determine how often this data is being overwritten, when it will be archived, if it has continuous data protection, and who’s responsible for the data.
Incident response, disaster recovery, and business continuity planning
How resilient is your organization when it comes to a data breach? Attacks are just a question of when.
- Prioritize. Make cybersecurity a priority in your company.
- Train. Staff should be trained, and training should encompass members from many different departments.
- Perform a business impact analysis. Identify critical data, critical business functions, services, and IT equipment that could be impacted in the event of a cyberattack.
- Test. Incident response plans should be tested on a regular basis and can help reduce the time it takes to recover from an attack.
- Respond. Timely response after an internal attack, or when a supplier or vendor is attacked, is critical.
Cyber supply chain risk management
Supply chain risk management is being aware of any additional risk that’s being introduced into your organization through an outside supplier, vendor, or software. If providers are at a high risk, you may not want to do business with them.
Vet a new provider to help identify any potential problems before you sign a contract. With new or existing suppliers or vendors, you can monitor what they’re doing with your data, including when they’re accessing data, why they need access, and who’s accessing it. You can also log the activity to assess what happened in the event of an attack.
After a provider has been offboarded, you can continue to keep security in mind by removing access to your network and email and requesting that third-party service providers turn over all data in their environment or provide proof that data has been rendered unreadable.