Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecosystem has emerged, with malware marketplaces and shadowy connections to state actors. No wonder people are alarmed.

But while there is no magic shield to protect data, analysts can take well-established, effective measures to improve their security posture, block many threats outright, minimize others and make all attacks far more difficult for criminals to execute.

Six Ways to Strengthen Your Security Posture

The bad news is that many organizations aren’t taking these security measures. The good news is that they are easy to implement. As InfoWorld pointed out, these six strategies require no magic and can make your organization much more secure.

1. Get Serious About Security

Hype and hysteria do not constitute taking security seriously, nor do declarative statements. In most organizations, according to InfoWorld, cybersecurity is treated as a “necessary, expensive evil.” A security program will not work if employees refuse to buy in and put in the elbow grease required to implement it.

2. Defend With Data

Data is powerful, for security as well as other functions. Your data will tell you where your actual risks lie, which is often quite different from what people think. For example, blocking traditional network attacks is of limited value if your greatest vulnerability is from social engineering.

3. Whitelist Outside Applications

We are more interdependent than ever before, which means more exposure to applications built by others. You need them, but you also need to control who has access to your vital systems and data. Whitelisting controls are the basic tools for ensuring that only trusted applications can get in the door.

4. Patch Persistently

If data is the latest thing, managing operating system and software patches sounds downright old-fashioned. But users rarely keep all their critical patches up to date, meaning that known security risk points are going unprotected. Why make it easy for attackers?

5. Train Employees to Spot Social Engineering

In the age of social media, the human factor is ever more critical. Spear phishing emails and sketchy websites have become the favored means of breaking into organizations. There is no purely technical measure to protect against a careless click — encouraging increased vigilance among employees is the only protection.

6. Pass on Passwords

Long before anyone had ever heard of social engineering, the human tendency to choose easy-to-guess passwords was a major security vulnerability. But in the social engineering age, even strong passwords are easy to steal. Two-factor authentication is far more difficult to crack than any single authentication measure.

Putting the Work In

Implementing these six effective security measures involves real work. It is easy to say you will train employees about social engineering threats, but not so easy to produce practical training sessions that show users the tricks used against them. It’s even more difficult to coordinate training sessions in the real world when employees already have full plates.

But just like security threats, effective security measures are very real and within reach. The sooner you start implementing them, the sooner you can strengthen your organization’s security posture.
