October 16, 2017 By Lucie Hys 4 min read

In the cybersecurity world, October is National Cyber Security Awareness Month (NCSAM). To show our support, we collected 31 tips from IBM’s cybersecurity professionals that we are sharing with you throughout the entire month of October.

Seven Lessons From Week Two of NCSAM

We featured our first seven tips last week, including knowing where your risks are, protecting your network and prioritizing cybersecurity throughout every level of the organization. Here are seven more pieces of advice to help you strengthen your security posture during NCSAM and beyond.

8. Verify Emails Before Responding

Did you know that employees outpace fraudsters as source of cybersecurity threats? Employee training and engagement have a significant impact on an organization’s vulnerability to cyberattacks. Phishing, of course, is the usual suspect. According to a Keeper Security report, 54 percent of small or midsized businesses experienced a cyberattack in the past year, and 79 percent of those attacks were phishing efforts.

As a rule of thumb, all requests by email to send money or employee data such as W-2 forms should be verified before taking any action, even if they come from a person of authority such as a C-level executive.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

9. Be Wary of Third-Party Access

Remember that security is only as strong as your weakest link, which includes everything in your ecosystem and third parties with which you do business. Sixty-three percent of all data breaches result from attacks launched through third-party vendors. Surprisingly, most top decision-makers still don’t regard third-party access as a top priority.

10. Deploy Data Loss Prevention Solutions

How can you stop someone from moving your sensitive data? Use data loss prevention (DLP) technologies. DLP tools help you identify, monitor and protect data in use or in motion on the network, as well as data at rest on desktops, laptops, mobile devices or in storage. The “2016 Cost of Data Breach Study” revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

11. Encrypt Endpoint Data

Make sure your company is enforcing data encryption before a data breach happens. Many organizations are good about encrypting customer data, but not when it comes to their employees’ data. Encryption helps companies protect their information from loss or theft and mitigate the risk of unauthorized access to that data. A strong endpoint security solution can deliver a unified endpoint security and management platform that significantly improves security posture while reducing operational costs.

12. Speak the Language of Business

Talking to leadership about cyberthreats? Be sure to frame your discussion in terms of business risks, including loss of business-critical assets and data, reductions in productivity and production output, hampered business transactions, regulatory compliance and legal ramifications, negative impact to business reputation, lost revenue and increased cost to address incidents.

Listen to the podcast series: A CISO’s Guide to Obtaining Budget

13. Verify Customer Identities

It is no secret that social-engineering attackers deploy phony social media profiles. Fake users can wreak havoc on any company. If you are not properly verifying users at registration, you may be giving bad actors an opportunity to steal confidential information, commit fraud and disseminate scams.

14. Disable SMBv1

Do you have SMBv1 protocol disabled? Don’t wait for the next WannaCry — disable or remove the protocol immediately. You can do this by using the group policy management console and adding a registry rule to disable or delete the protocol entirely with the remove programs/features dialog. You should apply this rule to all PCs across your network by running gpupdate/force from a command prompt.

Did you know it all? Well done! Share these NCSAM lessons to help companies stay safe and, come back next week for seven more tips!

Illustrations by Nathan Salla.

https://securityintelligence.com/guarding-the-crown-jewels-the-importance-of-intellectual-property-security-in-the-age-of-sprawl/

More from Risk Management

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today