October 16, 2017 By Lucie Hys 4 min read

In the cybersecurity world, October is National Cyber Security Awareness Month (NCSAM). To show our support, we collected 31 tips from IBM’s cybersecurity professionals that we are sharing with you throughout the entire month of October.

Seven Lessons From Week Two of NCSAM

We featured our first seven tips last week, including knowing where your risks are, protecting your network and prioritizing cybersecurity throughout every level of the organization. Here are seven more pieces of advice to help you strengthen your security posture during NCSAM and beyond.

8. Verify Emails Before Responding

Did you know that employees outpace fraudsters as source of cybersecurity threats? Employee training and engagement have a significant impact on an organization’s vulnerability to cyberattacks. Phishing, of course, is the usual suspect. According to a Keeper Security report, 54 percent of small or midsized businesses experienced a cyberattack in the past year, and 79 percent of those attacks were phishing efforts.

As a rule of thumb, all requests by email to send money or employee data such as W-2 forms should be verified before taking any action, even if they come from a person of authority such as a C-level executive.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

9. Be Wary of Third-Party Access

Remember that security is only as strong as your weakest link, which includes everything in your ecosystem and third parties with which you do business. Sixty-three percent of all data breaches result from attacks launched through third-party vendors. Surprisingly, most top decision-makers still don’t regard third-party access as a top priority.

10. Deploy Data Loss Prevention Solutions

How can you stop someone from moving your sensitive data? Use data loss prevention (DLP) technologies. DLP tools help you identify, monitor and protect data in use or in motion on the network, as well as data at rest on desktops, laptops, mobile devices or in storage. The “2016 Cost of Data Breach Study” revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

11. Encrypt Endpoint Data

Make sure your company is enforcing data encryption before a data breach happens. Many organizations are good about encrypting customer data, but not when it comes to their employees’ data. Encryption helps companies protect their information from loss or theft and mitigate the risk of unauthorized access to that data. A strong endpoint security solution can deliver a unified endpoint security and management platform that significantly improves security posture while reducing operational costs.

12. Speak the Language of Business

Talking to leadership about cyberthreats? Be sure to frame your discussion in terms of business risks, including loss of business-critical assets and data, reductions in productivity and production output, hampered business transactions, regulatory compliance and legal ramifications, negative impact to business reputation, lost revenue and increased cost to address incidents.

Listen to the podcast series: A CISO’s Guide to Obtaining Budget

13. Verify Customer Identities

It is no secret that social-engineering attackers deploy phony social media profiles. Fake users can wreak havoc on any company. If you are not properly verifying users at registration, you may be giving bad actors an opportunity to steal confidential information, commit fraud and disseminate scams.

14. Disable SMBv1

Do you have SMBv1 protocol disabled? Don’t wait for the next WannaCry — disable or remove the protocol immediately. You can do this by using the group policy management console and adding a registry rule to disable or delete the protocol entirely with the remove programs/features dialog. You should apply this rule to all PCs across your network by running gpupdate/force from a command prompt.

Did you know it all? Well done! Share these NCSAM lessons to help companies stay safe and, come back next week for seven more tips!

Illustrations by Nathan Salla.

https://securityintelligence.com/guarding-the-crown-jewels-the-importance-of-intellectual-property-security-in-the-age-of-sprawl/

More from Risk Management

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today