NCSAM—Week 2: Cybersecurity in the Workplace is Everyone’s Business
The Lastline Daily Dose program supports National Cyber Security Awareness Month (NCSAM) with daily tips and advice to help individuals and organizations detect and prevent malware-based cyberattacks. Throughout October, Lastline will offer a daily dose of advice via Twitter (@Lastlineinc), LinkedIn, Facebook, and other social media channels, aligned to the weekly themes established by the Department of Homeland Security.
Cybersecurity in the Workplace
The theme for week 2 of NCSAM is Cybersecurity in the Workplace is Everyone’s Business. Here are our daily doses of advice for October 7-13.
Tip 6: Criminals aren’t standing still, so you can’t either–Complete a risk assessment yearly & keep security controls updated.
Our adversary is formidable, supported by organized crime and state-sponsored crime rings. Crimeware is evolving at an astonishing speed. It’s just not possible to defeat tomorrow’s threats using yesterday’s technologies. It’s surprising how many corporations are using decades-old security technologies.
There is no shortcut when it comes to cybersecurity. Too many organizations approach it as a checklist item they have to hurry through, resulting in half-baked policies and plans. Bad plans lead to bad results.
Here are some additional roadblocks to adequate, effective security that many enterprises face.
Tip 7: Prioritize cybersecurity, including at the board level. Highlight the business benefits and the financial & branding downside of a breach.
It’s not enough for senior management to merely accept investments in security, they need to demand highly effective security. In order for them to do that, they must understand the risks, such as tarnished brand, financial loss, and customer churn, but they also need to understand the business benefits, the ROI on their investment. These can include competitive advantage that increases revenue as you pick up clients who abandon competitors after their data breach is exposed.
You might be interested in our recent blog post about the progress that is being made, admittedly slowly, toward boardroom awareness and support for security investment.
Tip 8: Employees are your weak link–train, train, and train some more on detecting phishing and other social media attacks.
In a large-scale study by Verizon, 23 percent of recipients immediately opened phishing messages, and 11 percent of them went on to click on a link or open an attachment. You can be sure that all of those people have been warned about phishing.
Just as interesting, and worrisome, is that it happens fast. It takes an average of only 82 seconds from the time an attacker launches a phishing campaign until the first victim takes the bait and clicks a malicious link. And the users are completely unaware that anything bad is taking place. This isn’t just occurring with personal accounts. It also takes place at businesses and government agencies where the consequences can be dire.
Keeping employees, and therefore your company, safe involves carrots and sticks. Here are 11 suggestions for how to prevent a successful phishing attack.
Tip 9: Make patching a high priority—Old vulnerabilities with an available patch cause more damage every day than zero-days.
The WannaCry attack earlier this year is a particularly visible example of the importance of patching. It exploited a vulnerability in the Windows SMB service, which had been patched, but many companies did not install the patch. And the list of additional vulnerabilities is seemingly endless – and these are just the known vulnerabilities.
Given the number of systems and applications that IT departments manage, keeping everything patched is understandably a challenge. Using Patch Management software can ease the burden. TechTarget’s recent article is helpful for understanding how these work and selecting the version that fits your needs. If you’re a Gartner client, they also published a helpful report on patch management solutions.
Tip 10: Don’t let breaches go undetected for weeks or months. Here are 7 steps to speed detection.
Many organizations that experience a breach won’t learn about it for months, or even years. During that time, today’s fast-paced cyberattacks can cause significant damage to a company and its customers.
Staying up to date on the latest attack schemes and techniques, and leveraging readily available threat intelligence are among our advice for improving breach detection. Our recent blog post explores these further and offers five more tips to help enterprises quickly detect a pending or actual data breach before it causes widespread harm.
Follow Lastline on Twitter (@Lastlineinc), LinkedIn, or Facebook to automatically receive your Daily Dose of advice throughout the month of October. Or go to www.lastline.com/DailyDose where we’re compiling all of the daily advice throughout the month.
More CyberAware Tips—NCSAM—Week 1: Simple Steps to Online Safety
Latest posts by John Love (see all)
- Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say - May 20, 2020
- Morning Cybersecurity - May 20, 2020
- Texas regulators tamp down authority of proposed cybersecurity monitor as PUC nears vote - May 13, 2020