Seven More NCSAM Tips for Cybersecurity Professionals: Week Two
In the cybersecurity world, October is National Cyber Security Awareness Month (NCSAM). To show our support, we collected 31 tips from IBM’s cybersecurity professionals that we are sharing with you throughout the entire month of October.
Seven Lessons From Week Two of NCSAM
We featured our first seven tips last week, including knowing where your risks are, protecting your network and prioritizing cybersecurity throughout every level of the organization. Here are seven more pieces of advice to help you strengthen your security posture during NCSAM and beyond.
8. Verify Emails Before Responding
Did you know that employees outpace fraudsters as a source of cybersecurity threats? Employee training and engagement have a significant impact on an organization’s vulnerability to cyberattacks. Phishing, of course, is the usual suspect. According to a Keeper Security report, 54 percent of small or midsized businesses experienced a cyberattack in the past year, and 79 percent of those attacks were phishing efforts.
As a rule of thumb, all requests by email to send money or employee data such as W-2 forms should be verified before taking any action, even if they come from a person of authority such as a C-level executive.
9. Be Wary of Third-Party Access
Remember that security is only as strong as your weakest link, which includes everything in your ecosystem and third parties with which you do business. Sixty-three percent of all data breaches result from attacks launched through third-party vendors. Surprisingly, most top decision-makers still don’t regard third-party access as a top priority.
10. Deploy Data Loss Prevention Solutions
How can you stop someone from moving your sensitive data? Use data loss prevention (DLP) technologies. DLP tools help you identify, monitor and protect data in use or in motion on the network, as well as data at rest on desktops, laptops, mobile devices or in storage. The “2016 Cost of Data Breach Study” revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.
11. Encrypt Endpoint Data
Make sure your company is enforcing data encryption before a data breach happens. Many organizations are good about encrypting customer data, but not when it comes to their employees’ data. Encryption helps companies protect their information from loss or theft and mitigate the risk of unauthorized access to that data. A strong endpoint security solution can deliver a unified endpoint security and management platform that significantly improves security posture while reducing operational costs.
12. Speak the Language of Business
Talking to leadership about cyberthreats? Be sure to frame your discussion in terms of business risks, including loss of business-critical assets and data, reductions in productivity and production output, hampered business transactions, regulatory compliance and legal ramifications, negative impact to business reputation, lost revenue and increased cost to address incidents.
13. Verify Customer Identities
It is no secret that social-engineering attackers deploy phony social media profiles. Fake users can wreak havoc on any company. If you are not properly verifying users at registration, you may be giving bad actors an opportunity to steal confidential information, commit fraud and disseminate scams.
14. Disable SMBv1
Do you have the SMBv1 protocol disabled? Don’t wait for the next WannaCry; disable or remove the protocol immediately. You can do this by using the Group Policy Management Console and adding a registry rule to disable the protocol, or delete it entirely with the remove programs/features dialog. You should apply this rule to all PCs across your network by running gpupdate /force from a command prompt.
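To confirm that the change actually reached a given PC, the following added example (not part of the original article) reports the SMBv1 state in each place Windows records it and changes it only when asked. The function name Get-Smb1State and the -Remediate switch are names chosen for this example; it assumes an elevated PowerShell prompt on Windows 8.1 or later.

```powershell
# Added example: audit SMBv1 on the local machine; change nothing unless -Remediate is given.
# Assumes an elevated prompt. Get-Smb1State and -Remediate are names used only in this example.
param([switch]$Remediate)

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Get-Smb1State {
    # Live SMB server setting as reported by the server service.
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Registry value that a Group Policy registry rule would push (0 = disabled).
    $reg = (Get-ItemProperty -Path $serverKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1

    # Optional feature state: 'Disabled' once the SMBv1 components are turned off.
    $feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                -ErrorAction SilentlyContinue).State

    # SMBv1 client driver start mode (4 = disabled); the key is absent if the driver is removed.
    $client = (Get-ItemProperty -Path $clientKey -Name Start -ErrorAction SilentlyContinue).Start

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        ServerSmb1Enabled = $server
        RegistrySmb1Value = if ($null -eq $reg)     { 'not set' }       else { $reg }
        FeatureState      = if ($null -eq $feature) { 'not present' }   else { $feature }
        ClientDriverStart = if ($null -eq $client)  { 'driver absent' } else { $client }
    }
}

if ($Remediate) {
    # Stop the SMB server from accepting SMBv1 immediately.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Persist the same setting in the registry so it survives service restarts.
    Set-ItemProperty -Path $serverKey -Name SMB1 -Type DWord -Value 0

    # Turn off the SMBv1 feature (server and client); takes full effect after a reboot.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# Report the state so the result can be collected and compared across machines.
Get-Smb1State
```

Run it without -Remediate first and review the report. Devices that speak only SMBv1, such as some older NAS units and printers, lose file-share access once the protocol is off.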
Did you know it all? Well done! Share these NCSAM lessons to help companies stay safe, and come back next week for seven more tips!
Illustrations by Nathan Salla.