[BreachExchange] 7 ways to enlist employees in the war on cybercrime

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 29 14:49:02 EDT 2016


http://www.itproportal.com/2016/04/29/7-ways-enlist-employees-in-war-on-cybercrime/

Corporate hacking attacks continue to wreak havoc on businesses worldwide.
In the past few years, data breaches at companies like Sony, Target, Home
Depot, eBay and JPMorgan have resulted in hundreds of millions of
compromised accounts and the theft of sensitive credit card, personal
identity and Social Security information.

And that’s just scratching the surface — most hacking incidents don’t
generate news coverage because the companies aren’t as well known.

The truth is, hackers target companies of all sizes. IT professionals at
small to midsized companies are aware of the dangers and take measures to
protect their company’s data. But company security is only as strong as its
weakest link, and all too often, employees are the weak link because of
poor cyber security practices. Here are seven ways to help them improve:

1- Require the use of strong passwords: Since compromised passwords are
frequently a gateway for hackers, it’s a good idea to require employees to
use passwords that contain upper and lowercase letters as well as numbers
and symbols. Help employees create passwords that are easy to recall as
well as strong by suggesting that they replace letters with numbers or
symbols — for example, “B@seb@11” instead of “baseball.”
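As an added example (not part of the article or of this mailing-list post), the following Python check implements the complexity rule from tip 1 and then goes one step beyond it: it reverses common letter-for-symbol substitutions and compares the result against a small blocklist, so a password such as "B@seb@11" that satisfies the rule is still rejected because it normalizes back to "baseball". The minimum length of 12, the substitution table and the blocklist entries are assumptions constructed for this example; the two blocklist entries "123456" and "password" are the ones the article itself cites as the most popular passwords of 2015.

```python
"""Password-policy check: the article's complexity rule plus a substitution-aware
blocklist. Added example; constants below are constructed for illustration."""
import string
from typing import List, Optional

# Constructed blocklist: a real deployment would use a large breached-password list.
BLOCKLIST = {"123456", "password", "baseball", "qwerty", "letmein"}

# Common symbol/digit-for-letter substitutions mapped back to the letter.
# Assumption: illustrative only, not a complete cracking rule set.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "l", "!": "i", "0": "o",
    "$": "s", "5": "s", "7": "t", "+": "t",
})

MIN_LENGTH = 12  # assumption; the article states no minimum length


def meets_complexity(password: str) -> bool:
    """The article's rule: upper and lower case letters, a digit and a symbol."""
    return (
        any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def candidate_forms(password: str) -> set:
    """Lower-cased forms of the password with substitutions undone, with and
    without trailing digits/punctuation, e.g. 'B@seb@11' -> 'baseball'."""
    base = password.lower()
    trimmed = base.rstrip(string.digits + string.punctuation)
    forms = {base, base.translate(LEET_MAP), trimmed, trimmed.translate(LEET_MAP)}
    return {f for f in forms if f}


def blocklisted_form(password: str) -> Optional[str]:
    """Return the blocklisted word the password reduces to, or None."""
    for form in candidate_forms(password):
        if form in BLOCKLIST:
            return form
    return None


def check_password(password: str) -> List[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if not meets_complexity(password):
        reasons.append("missing upper/lower/digit/symbol")
    hit = blocklisted_form(password)
    if hit is not None:
        reasons.append(f"substitution of blocklisted word '{hit}'")
    return reasons


if __name__ == "__main__":
    for pw in ("B@seb@11", "Password!1", "123456", "Kayak-Orbit-Velvet-29"):
        print(pw, "->", check_password(pw) or "accepted")
```

The point of the second check is that a complexity rule on its own accepts exactly the kind of substituted dictionary word the article recommends, so a policy that stops at "upper, lower, digit, symbol" gives a weaker guarantee than it appears to; the blocklist catches the substitution, and a password manager (tip 6) sidesteps the problem by generating passwords that have no base word at all.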

2- Mandate use of a different password for each secure site and frequent
changes: It is important to make sure employees don’t use the same password
for every site and to ensure they change it every 30-60 days. To encourage
this practice, let them know that when a data breach occurs, cyber
criminals often sell the information to third parties before the theft is
detected. If they change passwords regularly, there’s a better chance that
a new login protocol will be in effect when the third-party buyer tries to
use the password.

3- Make sure mobile phones and tablets are password or PIN protected: With
the rise of the BYOD trend, millions of employees use their own smartphones
and tablets to conduct company business, log in to secure servers and access
sensitive client or company data. And yet too many don’t bother enabling
password or PIN protection on their devices, which can easily fall into the
wrong hands. Require the use of a strong password on all devices employees
use for business purposes to keep information safer.

4- Help employees avoid falling for phishing scams: Many big data breaches
have started with a so-called “phishing” scam, when a cyber thief calls or
emails while posing as a banker, merchant account official or vendor and
attempts to collect login information. As IT pros know, a sophisticated
scammer can create a website that looks very much like a legitimate site.
Make sure employees know that it is never okay to give out account
information via email or over the phone.

5- Require logoff when employees leave devices unattended in the office:
It’s a common practice for employees to leave browsers open when leaving
their desktop or laptop unattended, but it’s extraordinarily dangerous
since it only takes a few seconds for someone to use an open browser to
collect login information and copy passwords. Ask employees to shut down
the browser and lock their screens if they’re going to be away from their
computer, even for just a couple of minutes.

6- Consider deploying a password management system: The two most popular
passwords in 2015 were “123456” and “password.” That’s maddening for IT
pros, but the fact is, it’s tough for employees to keep track of multiple
strong passwords. And if they do use strong passwords, they’re more likely
to forget them and require IT’s help to regain access. A secure password
manager can be a great solution. It automatically handles password creation
and changes and only requires users to remember one master password.

7- Provide employees with cyber safety classes: Most employees have good
intentions. They don’t deliberately put company information in peril;
they’re just not sure how to keep it safe. Consider training new hires on
cyber safety and holding classes for current staff to make sure they know
how to operate safely online. Providing employees with a manual that
outlines company cyber security policies and requiring that they sign an
acknowledgement form stating that they understand and will abide by the
policies is a great way to reinforce the message.

Most analysts predict that the worldwide cybercrime wave will continue as
more devices are connected, more users come online and more data is
generated. IT professionals are doing their best to counter hackers and
protect sensitive data at the corporate level.

But enlisting the aid of employees in this fight is crucial since they are
on the frontlines, and focusing on passwords is essential since so many
high-profile cybercrimes start with a compromised password.

By following these seven tips, you can help employees navigate the dangers
more effectively and keep your company’s data safer.