“Mark Zuckerberg, painted portrait DDC_87” (CC BY 2.0) by Abode of Chaos
In a world where Facebook has fallen from grace and found itself in the middle of a data harvesting scandal, issues of cybersecurity, privacy and transparency have come to the fore once again. With 87+ million users having their data harvested by Cambridge Analytica without explicit consent, business owners, staff and consumers now want to know more about staying safe online. For those that followed Facebook founder Mark Zuckerberg’s Congressional testimony, one of the most interesting discoveries was not the things he did know but what he didn’t. Whether advised to stay quiet by his legal team or not, Zuckerberg faltered on what seemed to be some basic questions regarding data storage, sharing and protection. This, for many, could be the greatest failure of the CEO: to not have a firm grip over his company’s IT system.
Essentially, people are more concerned about data security than ever before, which is why you as a business owner need to know how to keep your employees safe. With modern technology being what it is, there are plenty of ways to protect your company’s data, systems and services. One of the most commonly used products to allow for such protection is a web application firewall (WAF). Designed to monitor inbound traffic to web applications, this firewall prevents attacks which, in turn, can lead to loss of data and data theft. Any business with systems connected to a network should see this type of software as a standard.
Although the Zuckerberg testimony focused on a range of topics, one takeaway can be argued to be how important an understanding of technology is not only for specialists but for its users, too. Time and again, it was pointed out that users were not familiar with the full extent of privacy options on Facebook.
Indeed, in the wake of the Facebook news, the company’s share price dropped by 8%. Although the lack of clear information from the CEO wasn’t fully responsible for the decline, it certainly didn’t help. Essentially, what this demonstrates is that it’s crucial to communicate how and why your service is safe, both to clients/customers and to your staff. By doing so, you not only empower your staff in the fight against data theft but prove to your customers that your business is safe.
Explaining What WAFs Are
“Iptables Firewall Rules” (CC BY 2.0) by xmodulo
As a boss, the best way to explain the mechanics of a web application firewall (WAF) to your employees is to describe it as a filtration system. In other words, WAFs sit between a company’s IT system and the internet at large and analyze the traffic coming in. As a standard, a WAF from a recognized brand will automatically stop the top ten cyberthreats as listed by the Open Web Application Security Project (OWASP). Additionally, the latest software should also protect against the Automated Top 20 threats. From SQL injections to illegal resource access, a fully deployed WAF will prevent against the attacks most commonly experienced by small to medium businesses.
Beyond the basic mechanics of what a WAF can do, it’s also important to understand its benefits. Being a web-based application means it’s flexible. Users can either deploy the software onsite or remotely via cloud servers. The benefit of this is that it cuts down on costs by removing the need for specific hardware. What’s more, like all cloud applications, there’s a large degree of flexibility within the system. In other words, a company can customize the protocols to filter specific types of traffic and, more importantly, to create individual reports. In fact, this is the other important benefit of using a WAF. Protecting applications against the biggest online security threats is only useful if you’re able to track and understand the traffic that’s coming through the system.
Protecting Your Company from Real Threats
“Data Security” (CC BY 2.0) by Visual Content
Having the ability to explain how WAFs work isn’t just a PR exercise. Although it’s important to communicate how your security provisions work, you can’t ignore the fact that cyberthreats are a reality. In 2017, cyberattacks surged, with the Online Trust Alliance reporting 159,700 major global incidents. Between the likes of WannaCry, Shadow Brokers and Goldeneye (which evolved from Petya), online businesses were under threat more than ever last year.
For those that fail to fully understand and utilize WAFs, the cost of a data breach can quickly mount up. According to the Ponemon Institute’s 2017 report, the average cost of a data breach at a major company is $3.6 million. In specific terms, the cost of a single stolen record is $141. For a small or medium sized business, that can be a lot of money. For this reason, more than anything else, WAFs are essential. In fact, by communicating the dangers of an attack and how your business is protected, you should be able to satisfy your customers that their data isn’t in danger. This, in turn, should help you avoid the hole Mr. Zuckerberg found himself in during the first quarter of 2018.