Everyone wishes their organisation could be more secure. With the number of hackers, Insider Threats and other threats to your cyber security out there, you can always find a new security practice to enact.
For this post, we’re not to telling you about encrypting data or putting up firewalls. We’ll assume you already have those implemented. These ten best practices for 2016 are items you may not have considered, but definitely, should. Take a look at the list and see if any of these best practices for cyber security have gotten lost as you consider your Insider Threat planning this year:
1. Monitor Applications with Access to Data
Applications are great. They give your business the tools it needs to function and be productive. But they also put your sensitive data at risk. When IT security attempts to protect critical information, it usually involves putting up firewalls and building your infrastructure around the data you want to protect. Then you give applications access to this data. When hackers look to steal your data, they won’t try to hammer their way through your firewall, they’ll look for the least secure system with access to the data they need.
2. Create Specific Access Controls
Once your IT network is secure, you need to be very careful about who you decide to give the keys to the kingdom. Ideally, it shouldn’t be anyone. By creating specific access controls for all of your users you can limit their access to only the systems they need for their tasks and limit your sensitive data’s exposure.
3. Collect Detailed Logs
For a complete record of what goes on in your systems – both for security and troubleshooting purposes – you should collect detailed logs and report data. This is especially the case for applications that don’t have internal logging. By adding tools that can log the activities of these applications you will be able to plug any security holes those applications may create.
4. Maintain Security Patches
When cyber-criminals are constantly inventing new techniques and looking for new vulnerabilities, an optimised security network is only optimised for so long. When Home Depot’s POS systems were hacked last summer, they were in the process of installing a security patch that would have completely protected them. To keep your network protected, make sure your software and hardware security is up to date with any new antimalware signatures or patches.
5. Beware of Social Engineering
All of the technical IT security you implement can’t take the place of common sense and human error. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Rogers Communications recently faced a major breach when a hacker called an employee pretending to be the IT department and was able to get the employee’s log-in information. Attempts like this one may come from phone, email or other communication with your users.
6. Educate and Train Your Users
No matter how gifted, your users will always be your weakest link when it comes to information security. That doesn’t mean you can’t limit this risk through regularly educating your users on cyber security best practices. This training should include how to recognise a phishing email, how to create strong passwords, avoiding dangerous applications, taking information out of the company, and any other relevant user security risks.
Also Read: Angry Indians are trolling Snapchat CEO’s fiancée Miranda Kerr on Instagram