October 23, 2017 By Lucie Hys 4 min read

National Cybersecurity Awareness Month (NCSAM) is a great time to enhance employees’ security knowledge and skills. IT professionals should use it as an opportunity to improve their security training methods, review the tools they use, and test their cybersecurity plans and processes.

Eight Lessons From Week Three of NCSAM

During week one and week two of NCSAM, we explained the importance of knowing where your risks are, securing your network, promoting cybersecurity enterprisewide, verifying emails before opening, and deploying data loss prevention and endpoint encryption solutions to protect sensitive information on all devices. Below are eight more tips to ring in the third week of NCSAM.

15. Have a Rock-Solid Patch Management Process

Vigilant patching can greatly reduce an organization’s exposure to cyberthreats. Organizations that excel at patch management typically impose installation deadlines based on the potential impact of the vulnerability, availability of exploit code and evidence of activity in the wild.

However, even when there is a patch available, many organizations still struggle to achieve complete patch compliance because they are unable to address fundamental questions such as how to deploy patches without interfering with the user experience or hindering productivity.
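To make this concrete, here is an added example (not from the original article) that encodes such a deadline policy in Python: the installation window shrinks as potential impact rises, halves when exploit code is public, and collapses to an emergency window when activity in the wild is observed; an inventory check then reports what is overdue. The thresholds, advisory ids and inventory are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Added illustration (not from the article): a patch-installation deadline
# policy driven by the three factors the text names: potential impact,
# public exploit code and evidence of activity in the wild.
# All thresholds and identifiers below are constructed assumptions.

@dataclass
class Vulnerability:
    ident: str               # placeholder advisory id, e.g. "ADV-0001"
    impact: str              # "critical", "high", "medium" or "low"
    exploit_public: bool     # exploit code is publicly available
    exploited_in_wild: bool  # active exploitation has been observed

# Baseline deadline in days, by potential impact (assumed values).
BASE_DAYS = {"critical": 14, "high": 30, "medium": 60, "low": 90}

def patch_deadline_days(v: Vulnerability) -> int:
    """Days allowed between publication and mandatory installation."""
    days = BASE_DAYS[v.impact]
    if v.exploited_in_wild:
        days = min(days, 3)          # emergency window: attacks are under way
    elif v.exploit_public:
        days = min(days, days // 2)  # public exploit: halve the window
    return max(days, 1)

def patch_deadline(v: Vulnerability, published: date) -> date:
    return published + timedelta(days=patch_deadline_days(v))

def overdue(inventory, today: date) -> list:
    """inventory: (Vulnerability, published_date, patched) triples.
    Return the ids whose deadline has passed and that are still unpatched,
    most urgent (earliest deadline) first."""
    late = [(patch_deadline(v, pub), v.ident)
            for v, pub, patched in inventory
            if not patched and today > patch_deadline(v, pub)]
    return [ident for _, ident in sorted(late)]

if __name__ == "__main__":
    # Constructed inventory for demonstration.
    today = date(2017, 10, 23)
    inventory = [
        (Vulnerability("ADV-0001", "critical", True, True), date(2017, 10, 15), False),
        (Vulnerability("ADV-0002", "medium", False, False), date(2017, 10, 1), False),
        (Vulnerability("ADV-0003", "high", True, False), date(2017, 9, 1), True),
    ]
    print("overdue:", overdue(inventory, today))
```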

16. Enable Containerization

Did you know that 72 percent of organizations allow bring-your-own-device (BYOD)? A BYOD program can boost productivity and collaboration, minimize operating expenses and maximize customer support. However, a BYOD program can also compromise enterprise security if your mobile security policy is poor or nonexistent.

An effective BYOD policy requires corporate data to be encrypted. Devices must be secured with a personal identification number (PIN) or password and equipped with remote wiping or locking functionality. Thanks to containerization, you can keep your employees’ work and personal data separate, allowing IT to take a unified security approach and apply policies and actions across multiple devices.

Listen to the podcast: The Mobility Breakup Hour — From Your Ex To Your Next

17. Enable SSO and Conditional Access

If you are granting users access to corporate web and cloud apps, remember to enable single sign-on (SSO) and conditional access with identity management and unified endpoint management (UEM). SSO solutions make it easier for security professionals to implement policies and best practices such as using long, high-entropy passwords and changing them frequently.

18. Stay Current on Cybersecurity Trends and Threats

There are many sources of information on current security trends and threats, from threat intelligence sharing platforms to podcasts, articles, videos, forums, social media and more. How do you best maximize your time? Gregory Delrue suggested on Quora that security professionals should diversify their sources to avoid falling into an echo chamber. Many look to social media and blogs to keep up with current security trends, and we have also seen a great interest in security podcasts. Third-party tools and apps such as Buzzsumo and Feedly can also help you aggregate and discover the most popular content faster.

19. Manage and Segregate Your Data

How are you safeguarding your organization’s proprietary information? Centralize data into key hubs so it can be protected and controlled more easily. If a single access point is infected, the central data store will not be compromised.

20. Look for Malicious Activity Connected to Login Attempts

Account protection is one of the most direct and effective ways to protect your sensitive data. An effective fraud detection system can learn and adjust to emerging threats, and evaluate interactions and patterns to spot fraudulent activities.
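As an added example (not part of the original article), the following Python detection logic runs over a constructed authentication log and flags three patterns around login attempts: repeated failures on one account from one address, one address failing against several distinct accounts, and a success arriving right after a burst of failures. The log format, thresholds, user names and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added illustration (not from the article); the log and its format are constructed.
SAMPLE_LOG = """\
2017-10-23T09:00:01 FAILURE user=alice ip=203.0.113.5
2017-10-23T09:00:04 FAILURE user=alice ip=203.0.113.5
2017-10-23T09:00:07 FAILURE user=alice ip=203.0.113.5
2017-10-23T09:00:10 FAILURE user=alice ip=203.0.113.5
2017-10-23T09:00:13 FAILURE user=alice ip=203.0.113.5
2017-10-23T09:00:20 SUCCESS user=alice ip=203.0.113.5
2017-10-23T09:05:00 FAILURE user=bob ip=198.51.100.7
2017-10-23T09:05:02 FAILURE user=carol ip=198.51.100.7
2017-10-23T09:05:04 FAILURE user=dave ip=198.51.100.7
""".splitlines()
LINE_RE = re.compile(r"^(\S+) (SUCCESS|FAILURE) user=(\S+) ip=(\S+)$")

def parse(lines):
    """Yield (timestamp, result, user, ip); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, ip = m.groups()
            yield datetime.fromisoformat(ts), result, user, ip

def detect(lines, window=timedelta(minutes=5), guess_threshold=5, spray_threshold=3):
    """Return (alert_type, ip, detail) tuples for password guessing, password
    spraying, and a success arriving shortly after a burst of failures."""
    alerts = []
    fails = defaultdict(deque)   # (ip, user) -> failure times inside the window
    targets = defaultdict(dict)  # ip -> {user: time of last failure}
    for ts, result, user, ip in parse(lines):
        q = fails[(ip, user)]
        if result == "SUCCESS":
            if q and ts - q[-1] <= window:   # login right after failed guesses
                alerts.append(("success_after_failures", ip, user))
            q.clear()
            continue
        q.append(ts)
        while ts - q[0] > window:            # expire failures outside the window
            q.popleft()
        if len(q) == guess_threshold:        # count reached the threshold
            alerts.append(("password_guessing", ip, user))
        targets[ip][user] = ts
        recent = sorted(u for u, t in targets[ip].items() if ts - t <= window)
        if len(recent) == spray_threshold:   # one IP, several distinct accounts
            alerts.append(("password_spraying", ip, ",".join(recent)))
    return alerts
```

Running `detect(SAMPLE_LOG)` yields one alert per pattern; in production the thresholds and window would be tuned to the service's normal failure rate.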

21. Don’t Underestimate the Effective Power of Security Basics

While organizations should be ready for increasingly sophisticated attacks, many simple yet extremely effective malware campaigns are causing complex security problems on an unprecedented scale. Reinforcing the most basic security practices, even when it seems redundant or like common sense, is crucial for every company. Surprisingly, many organizations still fail to take very basic security measures.

22. Invest in Mandatory Cybersecurity Education and Training

While 99 percent of senior managers know security awareness training is critical to minimizing impact, according to an AXELOS report, less than half are doing more than the bare minimum. Meanwhile, 82 percent of companies are still using traditional cybersecurity training methods such as computer-based training and e-learning, and 54 percent only require employees to take an annual refresher course. Companies need to go beyond automated prevention tactics and actively engage users so they can tell legitimate emails apart from damaging phishing emails.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

Stay Tuned for More NCSAM Lessons

What advice would you give to security professionals? Let us know on Twitter with the hashtag #InfosecTips and stay tuned for the last batch of tips from our security professionals.

Illustrations by Nathan Salla
