This may be hard to believe, but the majority of breaches that occur are not because there are so many super smart hackers out there taking the time to decipher your company’s weak passwords or open ports in your network. Breaches are likely caused by your end users – your employees.
How can your organization combat the cyber war that is occurring on a regular basis in the world?
- Regular Security Awareness training
  - Ensure your end users know the latest trends, tricks, and scams out there
- Social Engineering. Be aware of:
  - Phishing your end users
  - Vishing your end users – receiving random phone calls from outside your network to obtain an end user's credentials
- Use complex Passwords
- Use Two Factor Authentication
- Use password manager software
- Network Connections
  - Avoid allowing Bluetooth connections if possible
  - Never use public Wi-Fi networks
  - Make sure home Wi-Fi networks are secure and managed properly
    - WPA2 Encryption should be set
    - Router password should be complex and the default username should be changed to a unique identifier
- Access to the Device
  - Use a work computer for work – do not shop or play games on a work machine
- Physical Security
  - Do not leave your work computer or mobile devices in your car unattended
  - Store your work computer and mobile devices in a secure location
- Data Encryption
  - Use encryption when transferring data from point A to point B outside of the network
  - Back up end user data regularly or create a policy that forbids saving anything locally
- Software installation and patching
  - Limit what software is allowed on an end user’s machine
  - Don’t forget to patch workstations, laptops, tablets, and mobile devices
  - New releases of software exist not only because they include additional features, but most likely because some exploitable flaws in the application have been fixed. If you have mobile apps on your phone that are requesting an update, you should update them.
- Understand the basics of Security
  - Anti-Virus – make sure it is updated and working
  - Firewalls on a PC should be turned on and rules tuned – make sure you have a list of the applications that are trusted
  - Internet web pages – if end users are surfing the internet, you should educate them on suspicious web sites/links or have web filtering to avoid the risk
  - Create a policy to forbid transferring data on a USB drive from home
In Parts 2 and 6 of our Ransomware series, we share more information on how to protect your environment from Cyber Criminals.
If you want to learn more about how to have better security, contact our Security Services at firstname.lastname@example.org for a complimentary consultation.