CEO at INE, a premier provider of Technical Training for the IT industry.

The recent cyberattack on the nation’s largest fuel pipeline showed how effortlessly and efficiently cybercriminals can breach security firewalls at major corporations. In the case of the Colonial Pipeline attack, the result was not limited to nationwide panic, a crippling gas shortage and fears over spiking prices. Colonial is also paying a hefty price after hackers infiltrated its system via a known ransomware vulnerability.
It is times like these that strike cold fear into business leaders’ hearts. “Will we be next?” we ask ourselves. “Are we doing everything we can to prevent this from happening to us?” Or, worse, “It is a foregone conclusion we’ll be attacked — there’s no way to prevent it.” Despite the growing sophistication of cyberattacks, there are three powerful ways to take control of your data and reduce the chances that you will become a victim.
1. Train your staff in cybersecurity-awareness practices.
Phishing emails are popular for one simple reason: They work well. When John Doe gets an email urging him to click a link for a picture of the cutest dog ever, John Doe should automatically reject the email. But too often, employees click links without thinking, opening tunnels between their machines and the cybercriminals, who then infiltrate the company’s network. At that point, you are already a victim.
When you train your staff effectively to spot and reject suspicious emails, you can drastically cut down on the probability that your data will be breached. There are a number of free tools available that can properly train your staff in cybersecurity awareness best practices. Many are equipped with tools that allow managers to monitor employees’ training progress and receive flag alerts if an employee is taking risks. Company-wide cybersecurity awareness training is an essential first step in mitigating your chances of becoming a ransomware victim.
2. Test your own vulnerabilities.
You may have excellent firewall security, but how do you really know unless you test it yourself? Your team should be using tools built into Kali Linux and other systems to attack your own network and pinpoint vulnerabilities. Actively running Metasploit and penetration tests against yourself is crucial to knowing where and how you are open to attack. As vulnerability scans come back positive, you are able to see clearly where your holes are and develop an action plan to address those issues.
3. Secure your data in a way that assumes the first layer will be breached.
In building a security system around an assumption that your first layer will be breached, you are ensuring the second layer is impenetrable. There are a number of techniques by which to do this, and one of the most well-known is the HIPAA requirement.
The HIPAA Security Rule contains standards that must be applied to safeguard and protect electronic data, and it applies to any system with access to confidential patient data, typically medical centers. Outside the medical field, companies are not required to abide by this advanced level of security, but smart companies will take advantage of the resources that exist to provide an increased layer of protection.
It is more costly to partner with a hosted service that utilizes a HIPAA-compliant data server, which acts as a deterrent to many corporations large and small. But you must ask yourself how much your business is worth; how much is the data inside your business worth? If it is worthless, don’t bother safeguarding it. But if it is valuable, you should protect it and pay money to do so.
Cyber threats are rampant, but taking a proactive approach to training and awareness can drastically reduce the chances that you or your company will be in the hot seat the next time a malicious cyberattack surfaces.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.