Consumers are still reeling from the 2017 Equifax data breach that affected more than 145 million Americans. And after each breach, all companies cringe and thank their lucky stars it’s not them and not something they have to deal with … yet.
In 2016, there was a 40 percent increase in data breaches from the previous year. According to identity theft protection provider IdentityForce, some of the major breaches hit the U.S. Department of Justice, IRS, LinkedIn, Oracle and Cisco.
Companies are still struggling with how to best approach updating their security standards.
Tom Pohl, ethical hacker and vice president of IT systems at Businessolver, has a few key rules he lives by to keep Businessolver out of the cybersecurity breach headlines. He is one of the original developers of the company platform and knows what it takes to keep a company – and its clients – safe and secure:
1. Layer it:
Follow a multilayered approach throughout your security ecosystem. It’s not just a hard outer layer – companies need to build security protocols into each layer throughout their organization and applications. Consider the outer layer for secure edge caching, the web application and content firewall, DDoS protection, the web layer, then an application layer and so on. Layer after layer provides consistent, onion-like protection for your clients’ data, their customers’ and employees’ data, and your business’ data.
“We follow this approach to a T,” Pohl said. “I can confidently say that no penetration tester has been able to attack our platform and not be seen by a lot of people.”
2. Be humble and test it:
Always strive to do better and be better. There is always room for more testing and improvement. Make sure you stay relevant and up-to-date on standards, conduct regular internal and external code auditing, and run penetration and application testing quarterly.
Bring in third parties to test; they help provide that additional level of security and validation. Businessolver even allows clients to test their platforms in a secure environment against their own security protocols before they purchase.
3. Build it, don’t buy it:
Own all of the technology behind your company’s application and carefully choose partners throughout your security ecosystem. The problem with Equifax was that it used the Apache Struts web-application software. When using a third party, you must work with them. Equifax’s security team had the fix for the vulnerability that led to the hack, but they didn’t install it.
“At Businessolver, our entire security ecosystem and platform was architected in-house,” Pohl said. “This is important to us because we have our own skin in the game. We aren’t just protecting our clients. We use our own platform for our own business, so we are protecting ourselves as well. We are making the company the strongest it can be, and giving our clients the same security and performance.”
4. A security-driven culture:
“Everyone on the team knows they play a part in protecting the security of our business and the business of our clients,” Pohl said. “We teach our developers good style and patterns to write the core and make sure it’s functional. From there it goes to the scrum team. Then the code goes through more peer review. Finally it goes into the master branch for review. Each team plays a role to ensure that we are at our highest standards, always learning, evolving and being agile.”
Businessolver is a benefits administration technology company founded by HR professionals in 1998. It helps companies maximize benefits program investment, minimize risk exposure, and engage employees with its easy-to-use solution and communication tools so they can make wise and cost-efficient benefit decisions.