Even though Cyber Security Awareness month has passed, it is important to remain diligent and stay aware to defend yourself from threats. I recently worked with CSO Magazine to put together a series of best practices that organizations and their users should follow (both in and out of the corporate network) to minimize threats and reduce risk.
While IT security education may be part of an organization’s onboarding process, many people still don’t realize that they shouldn’t open an email from an unidentified source, or even those from a friend or coworker that have uncharacteristic links or text. And inevitably they still do.
These phishing attacks run the risk of infecting organizations and can further expose a company's critical assets. From phishing emails to password sharing to downloading applications using corporate email logins, there are a myriad of actions that pose significant risks to organizations.
Here are some highlights of the best practices that I shared with CSO. You can read the full story in this CSO Slideshow.
- Ask the question: is this for work?
With the plethora of apps out there, many people download and register for consumer applications to help streamline their work processes. If an application looks interesting but hasn’t been explicitly approved by work, use personal login credentials.
- What harm can sharing my password do? Time to reconsider.
When sharing passwords with those who may lack security awareness, it is no longer a matter of who you trust, but whether or not they can spot risks and evade them before it is too late. When passwords are shared, one individual's risk becomes everyone's problem. In short: keep a password for one.
- Joe left the company 5 months ago. Why is his account still active?
Two best practices to follow here:
- Make sure managers communicate with IT in a timely manner to shut off email and access to other applications and systems.
- IT should also be monitoring accounts to identify when they become stale and proactively remove them.
- Don’t reuse passwords - ever.
Even if you change your passwords every 3-6 months, using strong passwords can significantly limit risk and exposure. And passwords should never be reused. Passwords are often stolen without the user knowing, and they aren't necessarily used immediately. Just look at the breaches of LinkedIn, Yahoo, Twitter and others.
- Continuously monitor identity when providing access to sensitive data or systems
Organizations with confidential information should take steps to continuously verify that the users accessing it are who they say they are. In addition to username and password, identity verification monitoring should track user activity and initiate additional verification techniques (like using biometrics or two factor authentication based on user behavior) every time user activity looks suspicious.
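The behavior-based step-up described above can be expressed as a small policy: compare each session against what is normal for that user and decide whether a second factor (or an analyst review) is required. The following is an added example written for this post, not code from the original article or from any identity product; the baseline shape, the signal names and the sample users and events are all constructed assumptions.

```python
from dataclasses import dataclass


# Constructed per-user baseline, as an identity-monitoring system might build
# from earlier sessions (hypothetical shape, not a real product's schema).
@dataclass
class UserBaseline:
    known_devices: set          # device identifiers seen before for this user
    known_countries: set        # countries the user has logged in from before
    usual_hours: range          # local hours during which the user normally works


@dataclass
class LoginEvent:
    user: str
    device_id: str
    country: str
    hour: int                   # hour of day in the user's local time
    sensitive_resource: bool    # does the session touch confidential data?


def risk_signals(event: LoginEvent, baseline: UserBaseline) -> list:
    """Return the behaviour signals that make this session look suspicious."""
    signals = []
    if event.device_id not in baseline.known_devices:
        signals.append("unknown_device")
    if event.country not in baseline.known_countries:
        signals.append("unusual_location")
    if event.hour not in baseline.usual_hours:
        signals.append("off_hours")
    return signals


def required_verification(event: LoginEvent, baseline: UserBaseline) -> str:
    """Map signals to a step-up decision: 'allow', 'mfa' or 'mfa_and_review'."""
    signals = set(risk_signals(event, baseline))
    if not signals:
        return "allow"
    # New device AND new location on a sensitive resource: require a second
    # factor and hand the session to an analyst as well.
    if event.sensitive_resource and {"unknown_device", "unusual_location"} <= signals:
        return "mfa_and_review"
    # Any single anomaly on sensitive data, or two or more anomalies anywhere,
    # is enough to demand a second factor before the session continues.
    if event.sensitive_resource or len(signals) >= 2:
        return "mfa"
    # One mild anomaly on a non-sensitive resource: allow, but it is logged.
    return "allow"


# Constructed baseline and events for a single hypothetical user "alice".
BASELINES = {
    "alice": UserBaseline(known_devices={"laptop-01"},
                          known_countries={"US"},
                          usual_hours=range(7, 20)),
}

SAMPLE_EVENTS = [
    LoginEvent("alice", "laptop-01", "US", 10, False),  # normal session
    LoginEvent("alice", "laptop-01", "US", 23, False),  # late, non-sensitive
    LoginEvent("alice", "laptop-01", "US", 23, True),   # late, sensitive data
    LoginEvent("alice", "phone-77", "RO", 10, True),    # new device + country
    LoginEvent("alice", "phone-77", "RO", 10, False),   # same, non-sensitive
]


def evaluate(events=SAMPLE_EVENTS) -> list:
    """Decide step-up verification for each event; returns (user, decision) pairs."""
    return [(e.user, required_verification(e, BASELINES[e.user])) for e in events]


if __name__ == "__main__":
    for user, decision in evaluate():
        print(user, decision)
```

The thresholds are deliberately simple; the point is that the decision is driven by deviation from the user's own baseline and by the sensitivity of what is being accessed, so a stolen password alone does not carry an attacker past the second factor.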
- Tips to keep business from coming to a halt during a potential breach
When an organization thinks it may have been breached, it is important to secure the organization from the potential breach without stopping business processes. Communicate with employees to make sure they know what they're supposed to do. Implementing additional security measures to ensure legitimate access to sensitive systems for a period of time may be necessary while the breach is investigated. Implementing technologies like two factor or multifactor authentication can assist here.
- Get a handle on your Privileged Users
Once an attacker compromises an account, they attempt lateral movement to gain access to privileged accounts that have elevated access to the network. Privileged access means a higher risk of compromising the enterprise network. To keep privileged accounts secure, keep track of them and regularly review them to downgrade those with unnecessary privileges and to remove stale accounts. Privileged users need to follow strict security guidelines for credential usage, as those credentials are valuable to attackers.
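The stale-account monitoring from the "Joe left the company" tip and the privileged-account review described here are the same periodic check with different thresholds, so one script can serve both: flag enabled accounts that belong to terminated employees, accounts idle longer than the allowed window (a shorter window for privileged ones), and privileged memberships with no recorded approval. This is an added example written for this post, not code from the original article or from any directory product; the account fields, group names, approval ticket value and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Account:
    username: str
    last_login: Optional[date]          # None means the account never logged in
    terminated_on: Optional[date]       # HR termination date; None if still employed
    groups: tuple                       # directory group memberships
    enabled: bool
    privilege_approval: Optional[str]   # hypothetical approval/ticket reference


# Hypothetical group names that grant elevated access in this example.
PRIVILEGED_GROUPS = {"Domain Admins", "db-admins", "cloud-owner"}


def review_accounts(accounts, today, idle_days=90, privileged_idle_days=30):
    """Return {username: [finding, ...]} for enabled accounts that need action.

    Findings:
      terminated_still_enabled - HR says the person left, but the account works
      stale                    - idle beyond the window (or never used at all)
      unreviewed_privilege     - in a privileged group with no recorded approval
    """
    findings = {}
    for a in accounts:
        if not a.enabled:
            continue  # already shut off; nothing to do
        issues = []
        if a.terminated_on is not None and a.terminated_on <= today:
            issues.append("terminated_still_enabled")
        privileged = [g for g in a.groups if g in PRIVILEGED_GROUPS]
        # Privileged accounts get a tighter idle window than ordinary users.
        limit = privileged_idle_days if privileged else idle_days
        idle = (today - a.last_login).days if a.last_login else None
        if idle is None or idle > limit:
            issues.append("stale")
        if privileged and not a.privilege_approval:
            issues.append("unreviewed_privilege")
        if issues:
            findings[a.username] = issues
    return findings


# Constructed review date and directory export.
TODAY = date(2017, 11, 15)
SAMPLE_ACCOUNTS = [
    # Joe left months ago; nobody told IT, so his account is still enabled.
    Account("joe", date(2017, 6, 1), date(2017, 6, 10), ("staff",), True, None),
    Account("alice", date(2017, 11, 14), None, ("staff",), True, None),
    # Approved admin, but unused for 45 days: over the 30-day privileged window.
    Account("bob", date(2017, 10, 1), None, ("staff", "Domain Admins"), True, "CHG-1234"),
    # Service account that was never used and has no approval on record.
    Account("svc-backup", None, None, ("db-admins",), True, None),
    # Active, but holds a privileged group with no recorded approval.
    Account("carol", date(2017, 11, 10), None, ("cloud-owner",), True, None),
    # Properly disabled on departure: skipped.
    Account("dave", date(2017, 3, 3), date(2017, 3, 4), ("staff",), False, None),
]


if __name__ == "__main__":
    for user, issues in review_accounts(SAMPLE_ACCOUNTS, TODAY).items():
        print(f"{user}: {', '.join(issues)}")
```

Run against a real directory export, the output is the worklist for the review: terminated-but-enabled and stale accounts get disabled, and privileged memberships without an approval on file are either documented or downgraded.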