June 16, 2017 By Rick M Robinson 2 min read

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecosystem has emerged, with malware marketplaces and shadowy connections to state actors. No wonder people are alarmed.

But while there is no magic shield to protect data, analysts can take well-established, effective measures to improve their security posture, block many threats outright, minimize others and make all attacks far more difficult for criminals to execute.

Six Ways to Strengthen Your Security Posture

The bad news is that many organizations aren’t taking these security measures. The good news is that they are easy to implement. As InfoWorld pointed out, these six strategies require no magic and can make your organization much more secure.

1. Get Serious About Security

Hype and hysteria do not constitute taking security seriously, nor do declarative statements. In most organizations, according to InfoWorld, cybersecurity is treated as a “necessary, expensive evil.” A security program will not work if employees refuse to buy in and put in the elbow grease required to implement it.

2. Defend With Data

Data is powerful, for security as well as other functions. Your data will tell you where your actual risks lie, which is often quite different from what people think. For example, blocking traditional network attacks is of limited value if your greatest vulnerability is from social engineering.

3. Whitelist Outside Applications

We are more interdependent than ever before, which means more exposure to applications built by others. You need them, but you also need to control who has access to your vital systems and data. Whitelisting controls are the basic tools for ensuring that only trusted applications can get in the door.

4. Patch Persistently

If data is the latest thing, managing operating system and software patches sounds downright old-fashioned. But users rarely keep all their critical patches up to date, meaning that known security risk points are going unprotected. Why make it easy for attackers?

5. Train Employees to Spot Social Engineering

In the age of social media, the human factor is ever more critical. Spear phishing emails and sketchy websites have become the favored means of breaking into organizations. There is no purely technical measure to protect against a careless click — encouraging increased vigilance among employees is the only protection.

6. Pass on Passwords

Long before anyone had ever heard of social engineering, the human tendency to choose easy-to-guess passwords was a major security vulnerability. But in the social engineering age, even strong passwords are easy to steal. Two-factor authentication is far more difficult to crack than any single authentication measure.

Putting the Work In

Implementing these six effective security measures involves real work. It is easy to say you will train employees about social engineering threats, but not so easy to produce practical training sessions that show users the tricks used against them. It’s even more difficult to coordinate training sessions in the real world when employees already have full plates.

But just like security threats, effective security measures are very real and within reach. The sooner you start implementing them, the sooner you can stregthen your organization’s security posture.

Listen to the podcast series: Take back control of your cybersecurity now

More from Risk Management

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today