Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecosystem has emerged, with malware marketplaces and shadowy connections to state actors. No wonder people are alarmed.

But while there is no magic shield to protect data, analysts can take well-established, effective measures to improve their security posture, block many threats outright, minimize others and make all attacks far more difficult for criminals to execute.

Six Ways to Strengthen Your Security Posture

The bad news is that many organizations aren’t taking these security measures. The good news is that they are easy to implement. As InfoWorld pointed out, these six strategies require no magic and can make your organization much more secure.

1. Get Serious About Security

Hype and hysteria do not constitute taking security seriously, nor do declarative statements. In most organizations, according to InfoWorld, cybersecurity is treated as a “necessary, expensive evil.” A security program will not work if employees refuse to buy in and put in the elbow grease required to implement it.

2. Defend With Data

Data is powerful, for security as well as other functions. Your data will tell you where your actual risks lie, which is often quite different from what people think. For example, blocking traditional network attacks is of limited value if your greatest vulnerability is from social engineering.

3. Whitelist Outside Applications

We are more interdependent than ever before, which means more exposure to applications built by others. You need them, but you also need to control who has access to your vital systems and data. Whitelisting controls are the basic tools for ensuring that only trusted applications can get in the door.

4. Patch Persistently

If data is the latest thing, managing operating system and software patches sounds downright old-fashioned. But users rarely keep all their critical patches up to date, meaning that known security risk points are going unprotected. Why make it easy for attackers?

5. Train Employees to Spot Social Engineering

In the age of social media, the human factor is ever more critical. Spear phishing emails and sketchy websites have become the favored means of breaking into organizations. There is no purely technical measure to protect against a careless click — encouraging increased vigilance among employees is the only protection.

6. Pass on Passwords

Long before anyone had ever heard of social engineering, the human tendency to choose easy-to-guess passwords was a major security vulnerability. But in the social engineering age, even strong passwords are easy to steal. Two-factor authentication is far more difficult to crack than any single authentication measure.

Putting the Work In

Implementing these six effective security measures involves real work. It is easy to say you will train employees about social engineering threats, but not so easy to produce practical training sessions that show users the tricks used against them. It’s even more difficult to coordinate training sessions in the real world when employees already have full plates.

But just like security threats, effective security measures are very real and within reach. The sooner you start implementing them, the sooner you can stregthen your organization’s security posture.

Listen to the podcast series: Take back control of your cybersecurity now

More from Risk Management

Detecting Insider Threats: Leverage User Behavior Analytics

3 min read - Employees often play an unwitting role in many security incidents, from accidental data breaches to intentional malicious attacks. Unfortunately, most organizations don’t have the right protocols and processes to identify potential risks posed by their workforce. Based on a survey conducted by SANS Institute, 35% of respondents said they lack visibility into insider threats, while 30% said the inability to audit user access is a security blind spot in their organizations. In addition, the 2023 X-Force Threat Intelligence Index reported that…

3 min read

Increasingly Sophisticated Cyberattacks Target Healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

4 min read

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read