Technology is becoming more advanced by the day, and companies across the globe are doing their best to keep up. From new advancements in artificial intelligence to software programs that promise to make the workday easier, many companies are jumping on the opportunity to acquire new advancements.
However, the potential of these new tech tools can sometimes blind companies to the potential cyber risks that come with them. Here, a panel of Forbes Technology Council members shares tips to help companies minimize potential cyber risk when adding new technology tools.
1. Combine Identity Management And Holistic Software Security
A fundamentally strong baseline combo of identity management and holistic software security makes it much safer to adopt new tech without increasing risk. Placing identity-based multifactor authentication and authorization in front of everything and having a constant, proactive means for establishing trust in your software assets create a positive security environment in which you can adopt the next “hot tech” without increasing your risk. – Jason Schmitt, Synopsys, Inc.
2. Bring In Security Experts Early In The Purchasing Process
Bring the right team members and experts in this area into the conversation as early as possible. Too often, this is still only seen as a tick-box exercise late in the buying process. Transparency is key; the right questions need to be asked right from the first discussions in the purchasing process. Open conversations should form part of an organization’s cybersecurity strategy. – Markus Bernhardt, OBRIZUM
3. Integrate Security In Every Stage Of The CI/CD Pipeline
Organizations are adopting continuous deployment strategies as a reaction to risks from a heightened global security climate. Stepping back and integrating security into every stage of a CI/CD pipeline is critical to securing the development supply chain and realizing the advantage of DevSecOps. It starts with shifting left and evaluating your current code base and risks with static code analysis. – Tim Van Ash, AutoRABIT
4. Proactively Identify Threats And Countermeasures
You want to identify potential cyberthreats and countermeasures early—well before implementation. This can be done as a whiteboard exercise all the way up to data flow analysis (depending on your risk tolerance). Then assess how much you want to invest in the countermeasures. Accordingly, you can accept, reject or look for ways to reasonably reduce the risk (by using cyber insurance, for example). – Altaz Valani, Security Compass
5. Ask New Tech Vendors Key Questions
There are some key follow-up items to ask a new tech vendor with respect to cybersecurity security. Ask them to describe their information security program and safe coding techniques. Identify key security certifications—such as ISO27, CSA, NIST and so on—and if possible, engage your in-house security lead to assess the vendor. Finally, ensure your key security requirements are in the contract. – Mark Schlesinger, Broadridge Financial Solutions
6. Run A Risk Assessment Evaluation
New tech tools must be subjected to a risk assessment evaluation to determine their vulnerabilities and identify the potential gaps in the existing security controls. It provides an insight into the assets that need protection and areas that are likely to be exploited by cybercriminals. The insights are very instrumental in designing and prioritizing cybersecurity mitigation strategies. – Roman Taranov, Ruby Labs
7. Change Passwords Often
We can all get into the habit of being complacent when it comes to cybersecurity. It is very important to remember to change your password monthly for maximum protection. This is essential, especially when you are using the same password for multiple different applications. If you want to add an extra layer of security, try using a dual authorization key to log in too! – Alex Rees, TPR Industrial Inc.
8. Map Data Accessibility
Cybersecurity assessments have, of course, become common with today’s technology choices. However, mapping the data accessibility of technology tools is a critical— and often overlooked—step during new tech adoption. Mapping data accessibility provides a transparent view of data sensitivity and the associated risks. – Sayandeb Banerjee, TheMathCompany
9. Implement New Tools In Accordance With Established Risk Management Processes
Cloud computing is an increasingly popular way to develop new products. But before jumping into a new cloud service, assess the potential risks that come with it. Always implement your new tool in accordance with the company’s risk management process, and consider a zero-trust approach and multifactor authentication to ensure security. – Mike Walters, Action1
10. Implement A Zero-Trust Security Model
Implementing a zero-trust security model provides a strong foundation for companies looking to mitigate new cyber risks. Through the process of auditing all access permissions across your organization, you’ll get a better sense of where you’re most vulnerable to potential threats and can consider countermeasures as part of your cybersecurity playbook. – Garry Wiseman, Nautilus, Inc.
11. Advance Your Cyber Strategy As Your Organization Transforms
Advancing technology is key to staying ahead, but it also brings security risks. When investing in digital, not only must cyber have a seat at the table, but the decision-makers must continuously ensure their cyber strategy aligns with the organization’s overall transformation journey. New tools are important, but infusing cybersecurity into strategy and investment decisions around innovation is most critical. – Jeff Wong, EY
12. Perform Regular Cybersecurity Health Assessments
If your software is rapidly evolving, performing thorough, recurring cybersecurity health assessments, in addition to standard testing during development and deployment, is critical. Security must be a core consideration before any architecture is decided on and before new tools are integrated. Involve the experts from the beginning to avoid scrambling to find them later. – Rashad Nasir, ThinkCode
13. Build And Test An Incident Response Plan
Build and test a robust incident response plan. Everyone—IT and business professionals—must know their responsibilities in the event of a data breach or attack. Threats can come anytime, from any direction. You will never be 100% prepared for a breach. A robust and well-tested incident response plan helps your organization to prepare intentionally. – Olga V. Mack, Parley Pro