Now that the year is coming to an end, all eyes are on what may be around the corner. More attacks on cryptocurrencies? An escalation in attacks by state-sponsored cyber criminals? Chaos as the EU’s GDPR is implemented? In cyber security, only one thing is certain: It’s a continuous game of Spy vs. Spy. As soon as one hole is plugged, hackers find another way in, and with every new technology comes a brand-new set of risks.

Here’s a list of cyber security tips that will protect your enterprise not only in the New Year but in the years to come.

Secure Your Cloud, Secure Your Cloud, Secure Your Cloud

The AWS breach epidemic made our list of the worst cyber attacks of 2017, so it’s not surprising that cloud security is at the top of our cyber security tips for 2018. The rule of thumb is that your cloud service provider is responsible for the security of your cloud, but your organization is responsible for the security in it. Understand that cloud security is quite different from on-premises cyber security, and make sure to seek professional help to ensure a successful and secure cloud migration.

Make Sure Your Business Associates Are Secure

The next item on our list addresses another epidemic we saw over this past year: incidents where hackers targeted the smaller, third-party vendors of larger organizations such as Verizon, the Republican National Committee, and Netflix. It is estimated that over 60% of all breaches now involve third-party business associates. Often, hackers target these firms because they tend to be smaller than their corporate customers and have less robust cyber security. Make sure to vet your vendors’ information security very carefully and ensure that they aren’t cutting corners.

Keep Your Software & Systems Updated

Both the WannaCry and NotPetya attacks targeted older, unpatched versions of Microsoft Windows, and the Equifax breach happened because the organization did not update its installation of Adobe Struts. Because hackers often exploit known vulnerabilities that developers have already patched in security updates, one of the easiest ways to fend off cyber attacks is to keep your operating systems and software up to date.

Don’t Forget About Your Employees

The biggest security vulnerability in any organization is its own people. All of the updates, firewalls, and technical controls in the world will do you no good if an employee clicks on a link in a phishing email, shares their password “just this one time,” or “goes rogue” and decides to strike back against the company. Your cyber security plan should include continuous employee training on cyber security best practices as well as precautions to guard against malicious insiders.

Remember that Compliance Does Not Equal Cyber Security

It is of the utmost importance to comply with regulatory and industry standards such as HIPAA, PCI DSS, FedRAMP, and the upcoming GDPR. However, compliance is the starting point, not the be-all and end-all, of cyber security. Because today’s data environments are complex and unique, and the threat environment changes daily, it is impossible for any standard or framework to address every single possible risk and vulnerability that an individual organization may face.

Author's Bio: 

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.

He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.