October 23, 2017 By Lucie Hys 4 min read

National Cybersecurity Awareness Month (NCSAM) is a great time to enhance employees’ security knowledge and skills. IT professionals should use it as an opportunity to improve their security training methods, review the tools they use, and test their cybersecurity plans and processes.

Eight Lessons From Week Three of NCSAM

During week one and week two of NCSAM, we explained the importance of knowing where your risks are, securing your network, promoting cybersecurity enterprisewide, verifying emails before opening, and deploying data loss prevention and endpoint encryption solutions to protect sensitive information on all devices. Below are eight more tips to ring in the third week of NCSAM.

15. Have a Rock-Solid Patch Management Process

Vigilant patching can greatly reduce an organization’s exposure to cyberthreats. Organizations that excel at patch management typically impose installation deadlines based on the potential impact of the vulnerability, availability of exploit code and evidence of activity in the wild.

However, even when there is a patch available, many organizations still struggle to achieve complete patch compliance because they are unable to address fundamental questions such as how to deploy patches without interfering with the user experience or hindering productivity.

16. Enable Containerization

Did you know that 72 percent of organizations allow bring-your-own-device (BYOD)? A BYOD program can boost productivity and collaboration, minimize operating expenses and maximize customer support. However, a BYOD program can also compromise enterprise security if your mobile security policy is poor or nonexistent.

An effective BYOD policy requires corporate data to be encrypted. Devices must be secured with a personal identification number (PIN) or password and equipped with remote wiping or locking functionality. Thanks to containerization, you can keep your employees’ work and personal data separate, allowing IT to take a unified security approach and apply policies and actions across multiple devices.


17. Enable SSO and Conditional Access

If you are granting users access to corporate web and cloud apps, remember to enable single sign-on (SSO) and conditional access with identity management and unified endpoint management (UEM). SSO solutions make it easier for security professionals to implement policies and best practices such as using long, high-entropy passwords and changing them frequently.

18. Stay Current on Cybersecurity Trends and Threats

There are many sources of information on current security trends and threats, from threat intelligence sharing platforms to podcasts, articles, videos, forums, social media and more. How do you best maximize your time? Gregory Delrue suggested on Quora that security professionals should diversify their sources to avoid falling into an echo chamber. Many look to social media and blogs to keep up with current security trends, and we have also seen a great interest in security podcasts. Third-party tools and apps such as Buzzsumo and Feedly can also help you aggregate and discover the most popular content faster.

19. Manage and Segregate Your Data

How are you safeguarding your organization’s proprietary information? Centralize data into key hubs so it can be protected and controlled more easily. If a single access point is infected, the central data store will not be compromised.

20. Look for Malicious Activity Connected to Login Attempts

Account protection is one of the most direct and effective ways to protect your sensitive data. An effective fraud detection system can learn and adjust to emerging threats, and evaluate interactions and patterns to spot fraudulent activities.
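As an added illustration of the kind of login-pattern analysis described above (example code, not from the original article), the detector below slides a time window over constructed authentication log lines and flags two patterns a fraud or account-protection system would watch for: one source IP failing against many different accounts, and one account succeeding from an unusual number of IPs. The log format, thresholds and sample addresses are assumptions for the example.

```python
# Added example: flag suspicious login patterns in constructed auth log lines.
# Format (assumed): "<ISO timestamp> <OK|FAIL> user=<name> ip=<addr>"
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2017-10-23T09:00:01 FAIL user=alice ip=203.0.113.7
2017-10-23T09:00:02 FAIL user=bob ip=203.0.113.7
2017-10-23T09:00:03 FAIL user=carol ip=203.0.113.7
2017-10-23T09:00:04 FAIL user=dave ip=203.0.113.7
2017-10-23T09:00:05 FAIL user=erin ip=203.0.113.7
2017-10-23T09:00:06 OK user=frank ip=203.0.113.7
2017-10-23T09:05:00 OK user=alice ip=198.51.100.2
2017-10-23T09:06:00 OK user=alice ip=192.0.2.9
2017-10-23T09:07:00 OK user=alice ip=198.51.100.3
2017-10-23T10:00:00 FAIL user=grace ip=192.0.2.20
2017-10-23T10:00:30 OK user=grace ip=192.0.2.20
"""  # constructed sample data

def parse_line(line):
    ts, result, user, ip = line.split()
    return {"ts": datetime.fromisoformat(ts), "ok": result == "OK",
            "user": user.split("=", 1)[1], "ip": ip.split("=", 1)[1]}

def _window_hits(events, key, window, flag):
    """Group events by `key`, slide `window` over each group (events must be
    time-sorted) and return the keys for which flag(recent_events) is True."""
    groups = defaultdict(list)
    for e in events:
        groups[e[key]].append(e)
    flagged = set()
    for k, evs in groups.items():
        recent = []
        for e in evs:
            recent.append(e)
            recent = [r for r in recent if e["ts"] - r["ts"] <= window]
            if flag(recent):
                flagged.add(k)
                break
    return flagged

def find_suspicious(log_text, window=timedelta(minutes=10),
                    max_failures=4, max_accounts=3, max_ips=2):
    """Return (IPs spraying many accounts, accounts used from too many IPs)."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    spray_ips = _window_hits(events, "ip", window, lambda r:
        sum(not e["ok"] for e in r) >= max_failures and
        len({e["user"] for e in r if not e["ok"]}) >= max_accounts)
    hopping_users = _window_hits(events, "user", window, lambda r:
        len({e["ip"] for e in r if e["ok"]}) > max_ips)
    return spray_ips, hopping_users
```

On the sample data the sprayed-login IP and the account that succeeded from three different addresses within minutes are the only hits; the thresholds are deliberately low so the example triggers, and in production they would be tuned to the environment's normal login behaviour.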

21. Don’t Underestimate the Effective Power of Security Basics

While organizations should be ready for increasingly sophisticated attacks, many simple yet extremely effective malware campaigns are causing complex security problems on an unprecedented scale. Reinforcing the most basic security practices, even when it seems redundant or like common sense, is crucial for every company. Surprisingly, many organizations still fail to take very basic security measures.

22. Invest in Mandatory Cybersecurity Education and Training

While 99 percent of senior managers know security awareness training is critical to minimizing impact, according to an AXELOS report, less than half are doing more than the bare minimum. Meanwhile, 82 percent of companies are still using traditional cybersecurity training methods such as computer-based training and e-learning, and 54 percent only require employees to take an annual refresher course. Companies need to go beyond automated prevention tactics and actively engage users so they can tell legitimate messages from damaging phishing emails.


Stay Tuned for More NCSAM Lessons

What advice would you give to security professionals? Let us know on Twitter with the hashtag #InfosecTips and stay tuned for the last batch of tips from our security professionals.

Illustrations by Nathan Salla
