In late 2016, smartphone seller BLU announced a large security breach that affected many of its users’ supposedly secure communications. In total, the company claims that the threat associated with a “Wireless Update” third-party application affected 120,000 devices. The application, which is intended to update the operating system on devices, was instead harvesting text messages, call logs, and contacts without authorization. The security firm that discovered the vulnerability, Kryptowire, said that all of the harvested data was sent to a Chinese server. According to BLU, the security issue was quickly removed, and the affected application has been self-updated and functionality restored.
If BLU is like most other companies, however, the breach is likely to have ramifications on its business for some time to come. Deloitte has found that “hidden” costs can amount to 90 percent of the total business impact on an organization and will most likely be experienced two years or more after the event.
Direct costs commonly associated with data breaches include:
- customer notification
- attorney fees and litigation
- technical investigation
- post-breach customer protection
- cybersecurity improvements
- public relations
Hidden costs of a data breach consist of:
- the value of lost contract revenue
- devaluation of trade name
- insurance premium increases
- operational disruption
- increased cost to raise debt
- loss of intellectual property
- lost value of customer relationships
When all is said and done, the average cost of a ransomware attack for a small- to medium-sized business is $99,000, per Kapersky Labs. According to the FBI, cyberattacks are increasing in frequency and intensity. Is your phone system protected against predators and/or unintended security breaches?
Take care to ensure it is by implementing best practices for protecting customer data in today’s hostile environment. Here are the SANS Institute’s recommendations, comprised of six steps—or defensive walls—that create multiple layers of protection to ensure secure communications:
1) Proactive Software Assurance
Eliminate any holes or vulnerabilities in your software applications that an attacker might be able to exploit.
2) Block Attacks at the Network Level
Create the outermost physical security layer to protect your data—at your organization’s perimeter: the network. This includes several complementary systems and processes: firewall, intrusion detection system (IDS), intrusion prevention systems (IPS), and managed security services.
3) Block Attacks at the Host Level
This is the security layer next in from the network perimeter. “Hosts” are any device or location where your data is housed: servers, databases, desktop computers, and mobile devices (or “endpoint devices”). Since host devices are no longer kept within the physical confines of your offices, you need the same level of protection here as you do at the network level: firewall, IDS, IPS, content filtering, and anti-malware.
4) Eliminate Security Vulnerabilities
Put strong security management practices into place, including: vulnerability management, patch management, and penetration testing.
5) Safely Support Authorized Users
Provide several related protocols to allow your staff, consultants, and other authorized personnel to safely access your data from anywhere. This defensive wall requires the coordinated use of: encryption, virtual private network, and data loss prevention.
6) Tools to Manage Security and Maximize Effectiveness
These are additional processes, applications, and practices that provide a final security layer. They include: log management, security incident, and event management and training.
When you deploy a Star2Star phone system, you are assured of top-level security, sustainability, and compliance. We take every precaution to maintain your secure communications. We place firewalls on all of our hardware, and we constantly monitor our network for anything suspicious, among other protections.