Firms Must Set Their Own Security Rules, Or Else

Businesses should start to define for themselves what good and bad security practices look like, Potter said.

"Private industry must begin to train for a consistent set of procedures and standards," Potter said. "Because if we do not as a private sector, guess who will? The government."

Regulation is sparse outside of the Payment Card Industry (PCI) or the Health Insurance Portability and Accountability Act (HIPAA), so Potter said businesses should take it upon themselves to restrict the extent to which outside devices can roam on the company network and ensure that all employees are familiar with the organization's security policy.