Wake up, cybersecurity pros, and don't let your business be an easy target for cybercriminals. Learn why keeping digital infrastructure up-to-date should be an essential part of your strategy.
Tech pundits urge employees who secure their company's digital assets to keep infrastructure up-to-date. There are benefits to keeping digital assets up-to-date besides avoiding dire consequences, which may include losing the business, getting sued by clients, or being investigated by law enforcement. Security analyst Tony Bradley sheds light on these other benefits in this TechSpective column, and begins with something we all desire: Peace of mind.
Peace of mind
By keeping cybersecurity up-to-date and cybercriminals at bay, it tends to improve working conditions within an organization. Management and employees can focus on the business at hand, make a positive contribution to the financial bottom line, and have confidence in their future as well as the company's.
Gain customers' trust and increase sales
Unfortunately, there is no guarantee that having a pristine and up-to-date computing infrastructure eliminates the possibility of falling victim to a cyberattack. However, there is overwhelming evidence that cybercriminals are inclined to go after the most vulnerable targets, so it seems logical to avoid being the lowest-hanging fruit on the cyber-tree by assuring everything is up-to-date.
Keeping hardware and software current is especially important to companies involved in online sales. "If you run an e-commerce business, up-to-date cybersecurity is one of the keys to unlocking higher conversion rates on your digital storefront," writes Bradley.
Discerning customers are also looking at whether online businesses are certified by regulatory organizations. "One example is the presence of security badges that give notice extra precautions were taken to ensure the privacy and safety of the customer's information," explains Bradley. "You can get security badges from SSL certification companies like GeoTrust and payment processors like PayPal." Meeting minimum certification requirements often motivates companies to update hardware and software.
Better search-engine rankings
Search-engine rankings are seldom a consideration when investigating a data breach or a cyberattack, but they should be. The actual intrusion and resulting chain of events are bound to affect the company website's search-engine ranking; Bradley explains why:
"A cyberattack can cause extended downtime that renders a company's website inaccessible to search-engine crawlers—disrupting the indexing process and often leading to a drop in search-engine ranking. Downtime would also directly impact the experience of your visitors, encouraging them to look elsewhere for the information or products they need."
Better browsing experience for customers
With today's internet bandwidth, online customers expect websites to load fast. "Statistics show that 40% of users would abandon a website that takes over three seconds to load—a problem that's worse on mobile sites, where 53% of users would have left by then," writes Bradley. "In other words, businesses could be losing some of their website's potential revenue by failing to give customers a smooth browsing experience."
SEE: Man-in-the-middle attacks: A cheat sheet (TechRepublic)
There are multiple ways for cybercriminals to affect the performance of a company's website and online business platform—a particularly devastating one would be a Distributed Denial of Service attack. The best defense includes ensuring all hardware and software are up-to-date, along with an action plan to offload the onslaught of website-debilitating traffic.
Securing third-party vendors
Tech-media archives are littered with tales of companies that have been illegally accessed via an exploited third-party vendor contracted by the victimized company. And, the break-in usually starts by scamming an employee or co-opting a vulnerable device and/or software of the third-party vendor.
The simple answer would be to keep the services in question in-house, but oftentimes that is not possible or affordable. So, educating employees, requiring appropriate security measures of third-party vendors, and deploying a virtual private network platform are typically pieces of the suggested solution.
SEE: You've been breached: Eight steps to take within the next 48 hours (free PDF) (TechRepublic)
Let's face it, implementing cybersecurity measures without assuring all components of a computing environment are up-to-date is false security. Besides filling security holes, keeping hardware and software up-to-date ensures the company's digital infrastructure is operating at peak efficiency.
Here's something to think about: Two hunters happen upon an angry bear that starts chasing them. One hunter yells to the other, "I sure hope I can outrun the bear!" The second hunter yells back, "Not me, I just want to outrun you!"
- As Microsoft moves more blogs off its MSDN and TechNet sites, here's how to stay current (ZDNet)
- Why cryptojacking malware is a bigger threat to your PC than you realise (ZDNet)
- Cross-site scripting attacks: A cheat sheet (TechRepublic)
- Man-in-the-disk attacks: A cheat sheet (TechRepublic)
- Don't be the weak link that brings us all down: Keep your OS patched and up to date (TechRepublic)
- How to improve security without treating your users like criminals (TechRepublic)
- IT pro's guide to effective patch management (free PDF) (TechRepublic)