According to a recent post in NetworkWorld by Maria Korolov, the Massachusetts Institute of Technology (MIT) scored at the bottom in a cybersecurity survey of 485 large colleges and universities. For a prestigious university known internationally for producing talented individuals in the fields of technology, mathematics, statistics, and science taught by intelligent and knowledgeable professors, how did such a negative score happen?
SecurityScorecard, a security risk benchmarking platform, analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. (The full report can be downloaded for free by clicking here.)
SecurityScorecard’s Chief Research Officer Alex Heid explained, “When we dug in, we found that there are a lot of exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about. It’s common at colleges for students and faculty to move on and forget to shut down old projects.”
This report serves as a lesson to all industries and all sizes of businesses. First, no matter what INDUSTRY you’re in, you’re vulnerable. Don’t assume that you’re immune because you aren’t a financial institution, government entity, health organization, retail outlet, or educational institution. Second, no matter what SIZE your business is, you’re vulnerable. Hackers can be, and are, everywhere. A mom-and-pop or family-run business is just as vulnerable as a publicly-traded Fortune 500 business – and just as vulnerable as all sizes in between.
But the most important lesson to learn from this report is that small and relatively obscure brands are just as vulnerable as the big and well-known brands. We learned this when the breaches occurred with Target, Anthem, United Airlines, UCLA Health System, and Mandarin Oriental hotels. Many experts thought these big businesses were immune. They were wrong.
Naturally, as all marketing experts say, you want your brand to be an industry leader. But in this instance, don’t let your brand be an industry leader when it comes to cybersecurity breaches. Instead, spend the time to implement these five recommendations:
 PRACTICE GOOD PATCH MANAGEMENT
The older a piece of software becomes, the greater the chance that hackers will discover vulnerabilities. Patch management helps alleviate this issue because as vulnerabilities are found, they are patched by the developer. Although an internal threat can bring a payload in-house through USB, DVD, or other bootable media that can attack a particular vulnerability, a patched vulnerability gives a hacker one less attack surface to try in his/her attempt to gain a foothold.
 TRAIN EMPLOYEES ABOUT SECURITY
Unfortunately, the biggest risk to security is us. Human beings have a tendency to be sloppy with security protocols. As security personnel, we are taught that the best passwords consist of lower and uppercase letters, numbers, and special characters. Yet, people will always stick with the simplest things so that they can remember them.
 TRAIN PERSONNEL ABOUT EMAIL DANGERS
Make sure that you’ve trained employees about what to look for when opening email messages. Since many breaches happen as a result of opening email messages and attachments that should never have been opened, instruct employees to instantly delete emails that come from people they don’t recognize, as well as emails with attachments they weren’t expecting, whether from employees or from people outside the company.
 IMPLEMENT A DISASTER RECOVERY PLAN
Implement a disaster recovery plan so that all employees know who will access corporate data – and which data – in the event of a disaster, how long that data may be inaccessible (if it is accessible at all), and the procedures to recover data after the disaster.
 BACK UP
Accept the fact that a breach may happen. But, if you back up your data on a regularly-set schedule depending on the value of your data and how often it is changed or updated, the re-creation of your data will not be one of your business’ headaches.
Since consumers can learn about breaches as soon as they happen, businesses should take responsibility and inform the public as soon as possible. The Privacy Rights Clearinghouse features a Chronology of Data Breaches and is updated daily.
In case you’re wondering, the highest scoring university may surprise you: Merced Community College in Merced, California.