National Cybersecurity Awareness Month (NCSAM) is a great time to enhance employees’ security knowledge and skills. IT professionals should use it as an opportunity to improve their security training methods, review the tools they use, and test their cybersecurity plans and processes.
Eight Lessons From Week Three of NCSAM
During week one and week two of NCSAM, we explained the importance of knowing where your risks are, securing your network, promoting cybersecurity enterprisewide, verifying emails before opening, and deploying data loss prevention and endpoint encryption solutions to protect sensitive information on all devices. Below are eight more tips to ring in the third week of NCSAM.
15. Have a Rock-Solid Patch Management Process
Vigilant patching can greatly reduce an organization’s exposure to cyberthreats. Organizations that excel at patch management typically impose installation deadlines based on the potential impact of the vulnerability, availability of exploit code and evidence of activity in the wild.
However, even when there is a patch available, many organizations still struggle to achieve complete patch compliance because they are unable to address fundamental questions such as how to deploy patches without interfering with the user experience or hindering productivity.
16. Enable Containerization
Did you know that 72 percent of organizations allow bring-your-own-device (BYOD)? A BYOD program can boost productivity and collaboration, minimize operating expenses and maximize customer support. However, a BYOD program can also compromise enterprise security if your mobile security policy is poor or nonexistent.
An effective BYOD policy requires corporate data to be encrypted. Devices must be secured with a personal identification number (PIN) or password and equipped with remote wiping or locking functionality. Thanks to containerization, you can keep your employees’ work and personal data separate, allowing IT to take a unified security approach and apply policies and actions across multiple devices.
17. Enable SSO and Conditional Access
If you are granting users access to corporate web and cloud apps, remember to enable single sign-on (SSO) and conditional access with identity management and unified endpoint management (UEM). SSO solutions make is easier for security professionals to implement policies and best practices such as using long, high-entropy passwords and changing them frequently.
18. Stay Current on Cybersecurity Trends and Threats
There are many sources of information on current security trends and threats, from threat intelligence sharing platforms to podcasts, articles, videos, forums, social media and more. How do you best maximize your time? Gregory Delrue suggested on Quora that security professionals should diversify their sources to avoid falling into an echo chamber. Many look to social media and blogs to keep up with current security trends, and we have also seen a great interest in security podcasts. Third-party tools and apps such as Buzzsumo and Feedly can also help you aggregate and discover the most popular content faster.
19. Manage and Segregate Your Data
How are you safeguarding your organization’s proprietary information? Centralize data into key hubs so it can be protected and controlled more easily. If a single access point is infected, the central data store will not be compromised.
20. Look for Malicious Activity Connected to Login Attempts
Account protection is one of the most direct and effective ways to protect your sensitive data. An effective fraud detection system can learn and adjust to emerging threats, and evaluate interactions and patterns to spot fraudulent activities.
21. Don’t Underestimate the Effective Power of Security Basics
While organizations should be ready for increasingly sophisticated attacks, many simple yet extremely effective malware campaigns are leading to complex security issues like never before. Bringing up the simplest things when it comes to security, even if it may seem to be redundant or common sense, is crucial for every company. Surprisingly, many organizations still fail to take very basic security measures.
22. Invest in Mandatory Cybersecurity Education and Training
While 99 percent of senior managers know security awareness training is critical to minimizing impact, according to an AXELOS report, less than half are doing more than the bare minimum. Meanwhile, 82 percent of companies are still using traditional cybersecurity training methods such as computer-based training and e-learning, and 54 percent only require employees to take an annual refresher course. Companies need to go beyond automated prevention tactics and actively engage users to identify safe waters and damaging phishing emails.
Stay Tuned for More NCSAM Lessons
What advice would you give to security professionals? Let us know on Twitter with the hashtag #InfosecTips and stay tuned for the last batch of tips from our security professionals.
Illustrations by Nathan Salla