Top 5 Cyber Security Awareness Tips
[download]Download the BEST PRACTICES FOR DEVELOPING AN ENGAGING SECURITY AWARENESS PROGRAM whitepaper[/download]
Are you worried about cyber security? Everyone, from home users and small businesses to multinational companies know that attacks are increasing in frequency and sophistication. In particular, APTs (advanced persistent threats) have grown in number lately and are hindering business continuity and disrupting data center operations. Companies are continuously looking for ways to boost their network infrastructure security to mitigate risks and preventing the exposing of sensitive information and the loss of valuable assets.
In addition to technical solutions, a weapon against malicious hacker attacks is cyber security awareness; full understanding of the dangers of the online environment and related countermeasures is paramount to minimize risks and augment a company resilience. Analysts predict for 2015 and beyond a steep increase in cybersecurity breaches. The growth of the Internet of Things, the increasing digitalization of sensitive information (including medical records) and the increasing reliance on cloud environments open new possibility for cyber criminals to access information. No user can feel completely safe, regardless of operating systems used, devices utilized or type of info handled. Through hardware backdoors, software weaknesses and, in many cases, user manipulation, malicious hackers can get hold of sensitive data or conduct cyber espionage. Only those that adhere to the right security awareness best practices and tips will be able to address cyber-related menaces effectively, and be prepared to respond should they occur.
Cyber Security Awareness Tips
Given the complexity of the attacks now perpetrated by malicious hackers, the variety of possible targets and of ways to penetrate systems, there is no single effective prevention measure to implement. A holistic and synergic approach is necessary to secure systems with technology, prevent vulnerabilities caused by users’ actions and creatively anticipate possible attacks.
Tip No. 1: Promote security by training employees
Staff training is a good place to start. Everyone must be aware of security issues related to computer threats/attacks/scams. Users are often the weakest link in the cyber security chain and any good cyber security program should start with increasing the knowledge of end users. Cyber security awareness training can help employees and executives recognize signs of phishing and spear phishing as well as avoid common mistakes like downloading files without proper checking and changing security settings.
Particular care must be given to sensitizing employees not only to the dangers of being the target of phishing, but also to the proper use of social media which are now increasingly been used not only as a personal communication means but also as an effective work tool. Employees should also be made aware of watering hole techniques: this is another attack that exploits users and is carried out by observing which websites a particular organization or group of people most often visits and infecting those with malware to affect the intended targets.
Promoting security education has to be a priority! The best defense against cyber security threats is knowledge, and that comes with training. Joe Ferrara, President and CEO of Wombat Security Technologies, in fact, believe that organizations “can reduce their risk of security infections between 45% and 70% by implementing effective security awareness training programs that include assessments, education, reinforcement, and measurement.”
Tip No. 2: Exploit the latest technological innovations
Awareness is also keeping informed on latest technology developments. Investing in technology is imperative; one must embrace its capability to combat and prevent cybercrime, in addition to help secure computers and protect privacy. To defend IT systems, while constructing substantial defenses to meet current and future cyber threats, it is important to make the most of the 6 D’s of Cyber Security — Deter, Detect, Defend, Deflect, Document, and Delay — as they may help drastically to reduce an organization’s risk.
It is also important to keep up-to-date with current releases and make sure to update often as software companies continuously research and implement fixes to common security flaws in their products. Closing any backdoors before they are exploited is a basic safety measure for any environment.
Tip No. 3: Develop a cyber-defense strategy
Take a holistic approach to the security strategy for network-based detection; it helps to detect threats and block exploit attempts. An integrated hardware and software solution, such as Firewalls, an IDS, and Encryption, to name a few, that can be both hardware- or software-based, is essential to defend against and remove cyber threats. A holistic approach helps being constantly aware of any changes in the network and makes it easy to spot disturbances and variations in normal patterns of behavior.
Tip No. 4: Prepare, Implement and Clearly Communicate a Strict Security Policy
Today’s IT environments are not just made of servers and end user workstations, as they also comprise mobile devices, BYOD, remote workstations and cloud storage. Protecting this type of configuration is no longer possible by simply segregating the network and protecting it from the outside cyberspace; much of the information is stored and processed outside of the confined perimeters of a company office and through a variety of different operating systems, hardware and software.
If employees are not using the same devices, software, and are not even co-located, they have at least to follow the same guidance. It is important that rules are well defined and the perimeters within which each user can move are clearly established.
Rules for strong passwords, for e-mailing or downloading files, for using peripherals and connection methods (wireless, Bluetooth, hotspots…) need to be established and enforced to prevent confusion and chaos in managing the entire cyber infrastructure.
Tip No. 5: Employ intelligence tools and engage in proactive cyber-security
Network information/intelligence gathering can be applied in the information security world. Awareness includes being also able to understand signs that something is about to happen even when there are no clear indications of malfeasance. Commence by analyzing behaviors and analyze normal patterns in your system; try to anticipate what indicators you could expect to see in case of stealth attacks.
As Orla Cox, a long-standing member of Symantec Security Response, said, in a blog post, “Corporations need to get ahead of the attacker and embrace Proactive Cybersecurity.” She explains, “Proactive Cybersecurity puts you firmly in control of your network security. Spence Witten, Lunarline’s Director of Federal Sales, wrote in a blog, “A proactive cyber security approach is a necessity to stay protected against aggressive cyber criminals.”
When you consider proactive cyber security, consider the following points:
- Identifying security control gaps (raised through self-assessment)
- Pinpointing vulnerabilities in the IT environment
- Examining level of preparedness against cyber-attacks
- Formulating threat detection and incident response methods
- Reviewing cyber risk management policies
- Determining effective cyber security practices
- Establishing specific guidance
- Incorporating appropriate cyber security controls
As there are many paths for exposing data and applications within the corporate cyber infrastructure, it is vital to discover where the organization is most vulnerable to risks. Aside from searching for cyber security vulnerabilities, when you anticipate potential problems and potential indicators that can lead to the spotting of intrusions, it is quite easy to deploy the necessary countermeasures and train employees to recognize and report signs of suspicious activity.
When you venture into cyberspace, you could indeed be vulnerable to hackers, phishers, and cybercriminals who are upping their game in mobile scams and attacks. By implementing cybersecurity measures, companies will be able to protect their users and assets from the attacks of hackers looking for ways to steal sensitive information or just wreak havoc on systems.
Any technical defense measure, however, would be useless without cyber-awareness. By providing end users with knowledge and giving them the tools to prevent cybercrime and attacks, businesses will be able to sustain vigilance efforts regarding cyber readiness and resilience.
All these strategies in synergy can increase the resistance of any organization of any size. To protect themselves companies can
- Make a cybersecurity assessment (i.e., assessing the risk and impact of cyber-attacks)
- Conduct a cyber-threat analysis to determine the level of risk within the organization
- Create a cyber-security policy
- Establish cyber security governance
- Incorporate cyber security measures from a business strategy and technology strategy point of view
- Ensure cyber security measures are adequate
- Review and test the incident response plan (IRP). An IRP, a set of instructions for detecting, responding to and limiting the effects of an information security event, which serves to deal with adverse situations—not just recovery—can be used to make changes in people, processes or technology
- Acquire cyber insurance to protect against risks. The demand for cyber insurance has grown as a result of cyber losses caused by attacks
- Hold a proactive cyber security meeting to address cybersecurity flaws, issues, concerns, etc. inflicted by hackers that are targeting individuals and companies
- Share cyber threat information between colleagues
- Have an action plan to strengthen the company’s security posture to ensure that all systems, data and operations are secure from theft, compromise, corruption, etc. It may be beneficial to create Standing Operating Procedures (SOPs) for every imaginable scenario to deal with the potential aftermath of a security-related incident. Based on what has been discovered, there ought to be guides that dictate, in details, what personnel need to do and when against aggressive hackers
- Involve management and executives on security matters
- Speak about IS Governance and Risk Management at trainings and make sure to make it very personal for all employees
The support and vigilance of each user as well as clear policy and regulations and a thorough understanding of any possible vulnerability can aid technical solutions to prevent or at least detect any attacks before it’s too late. Training, technology, planning, communication and proactivity are the best defense in cybersecurity.
Armerding, T. (2015, January 29). 9 Common Security Awareness Mistakes (and How to Fix Them). Retrieved from http://www.cio.com/article/2877635/security0/9-common-security-awareness-mistakes-and-how-to-fix-them.html
Brecht, D. (2010, June 24). Ideas to Promote Information Security Awareness. Retrieved from http://www.brighthub.com/computing/enterprise-security/articles/75233.aspx
Cox, O. (2014, April 2). Proactive Cybersecurity – Taking Control Away from Attackers. Retrieved from http://www.symantec.com/connect/blogs/proactive-cybersecurity-taking-control-away-attackers
Schiff, J. (2015, January 20). 6 Biggest Business Security Risks and How You Can Fight Back. Retrieved from http://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html
Witten, S. (2015). Counter Intelligence: Your Guide to a More Proactive Cyber Security Approach. Retrieved from https://lunarline.com/blog/2015/04/counter-intelligence-guide-proactive-cyber-security-approach/