October 16, 2017 By Lucie Hys 4 min read

In the cybersecurity world, October is National Cyber Security Awareness Month (NCSAM). To show our support, we collected 31 tips from IBM’s cybersecurity professionals that we are sharing with you throughout the entire month of October.

Seven Lessons From Week Two of NCSAM

We featured our first seven tips last week, including knowing where your risks are, protecting your network and prioritizing cybersecurity throughout every level of the organization. Here are seven more pieces of advice to help you strengthen your security posture during NCSAM and beyond.

8. Verify Emails Before Responding

Did you know that employees outpace fraudsters as a source of cybersecurity threats? Employee training and engagement have a significant impact on an organization’s vulnerability to cyberattacks. Phishing, of course, is the usual suspect. According to a Keeper Security report, 54 percent of small or midsized businesses experienced a cyberattack in the past year, and 79 percent of those attacks were phishing efforts.

As a rule of thumb, all requests by email to send money or employee data such as W-2 forms should be verified before taking any action, even if they come from a person of authority such as a C-level executive.

9. Be Wary of Third-Party Access

Remember that security is only as strong as your weakest link, which includes everything in your ecosystem and third parties with which you do business. Sixty-three percent of all data breaches result from attacks launched through third-party vendors. Surprisingly, most top decision-makers still don’t regard third-party access as a top priority.

10. Deploy Data Loss Prevention Solutions

How can you stop someone from moving your sensitive data? Use data loss prevention (DLP) technologies. DLP tools help you identify, monitor and protect data in use or in motion on the network, as well as data at rest on desktops, laptops, mobile devices or in storage. The “2016 Cost of Data Breach Study” revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

11. Encrypt Endpoint Data

Make sure your company is enforcing data encryption before a data breach happens. Many organizations are good about encrypting customer data, but not when it comes to their employees’ data. Encryption helps companies protect their information from loss or theft and mitigate the risk of unauthorized access to that data. A strong endpoint security solution can deliver a unified endpoint security and management platform that significantly improves security posture while reducing operational costs.

12. Speak the Language of Business

Talking to leadership about cyberthreats? Be sure to frame your discussion in terms of business risks, including loss of business-critical assets and data, reductions in productivity and production output, hampered business transactions, regulatory compliance and legal ramifications, negative impact to business reputation, lost revenue and increased cost to address incidents.

13. Verify Customer Identities

It is no secret that social-engineering attackers deploy phony social media profiles. Fake users can wreak havoc on any company. If you are not properly verifying users at registration, you may be giving bad actors an opportunity to steal confidential information, commit fraud and disseminate scams.

14. Disable SMBv1

Do you have the SMBv1 protocol disabled? Don’t wait for the next WannaCry — disable or remove the protocol immediately. You can do this by using the Group Policy Management Console and adding a registry rule to disable the protocol, or by deleting it entirely with the remove programs/features dialog. You should apply this rule to all PCs across your network by running gpupdate /force from a command prompt.
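
The same check and change expressed in PowerShell, as an added example that is not part of the original article: it reports the SMBv1 state of the local machine and, on request, disables the protocol. The registry value and cmdlets are the standard Windows ones; the function names Get-Smb1Status and Disable-Smb1 are hypothetical, and an elevated prompt is assumed.

```powershell
# Added example (not from the article). Run from an elevated PowerShell prompt.
$ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ClientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Get-Smb1Status {
    # SMB1 = 0 in the server key disables the SMBv1 server; absent means OS default.
    $reg     = (Get-ItemProperty -Path $ServerKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $srv     = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    # Start = 4 means the SMBv1 client driver (mrxsmb10) is disabled.
    $client  = (Get-ItemProperty -Path $ClientKey -Name Start -ErrorAction SilentlyContinue).Start

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        RegistrySMB1      = if ($null -eq $reg) { 'not set' } else { $reg }
        ServerSMB1Enabled = if ($srv) { $srv.EnableSMB1Protocol } else { 'unknown' }
        FeatureState      = if ($feature) { $feature.State } else { 'unknown' }
        ClientDriverStart = if ($null -eq $client) { 'not present' } else { $client }
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) { return }

    # Registry rule: the same value a Group Policy registry preference would push.
    Set-ItemProperty -Path $ServerKey -Name SMB1 -Type DWord -Value 0
    # Turn off the SMBv1 server side in the running configuration.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the optional feature (the programs/features route); reboot later.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
        Out-Null
    Get-Smb1Status
}

# Audit first; preview the change with -WhatIf before applying it.
Get-Smb1Status | Format-List
Disable-Smb1 -WhatIf
```

A restart is needed before the feature removal takes full effect, so run Get-Smb1Status again after the reboot to confirm the result.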

Did you know it all? Well done! Share these NCSAM lessons to help companies stay safe, and come back next week for seven more tips!

Illustrations by Nathan Salla.
