[BreachExchange] 5 Ways Employees Can Prevent Advanced Security Attacks
Audrey McNeil
audrey at riskbasedsecurity.com
Wed Feb 22 19:33:58 EST 2017
http://opensources.info/5-ways-employees-can-prevent-advanced-security-attacksnbsp/
For better or worse, employees are the first (and sometimes final) safeguard
against digital incursion – and hackers know it. Cybercriminals are a
sneaky bunch. More often than not, they will exploit your company’s weak
spots rather than launch a full-scale assault against your security
solutions. And what is your weakest link? Sadly, research shows that
employee negligence is one of the leading causes of data breach.
It’s no wonder that phishing scams, Trojan downloads and social engineering
scams are often aimed at employees. These simple hacker tricks not only
lead to infected devices and leaked emails, they can also expose enormous
amounts of data on your customers (just ask Yahoo or Dropbox). Below are a
few of the simplest steps employees can take to prevent advanced security
attacks from crippling their organizations.
Urge Users to Create Better Passwords
This tip appears in nearly every cybersecurity guide, but not enough people
follow it. All too often employees develop weak passwords and reuse them
for multiple sites and services, which means hackers can decode your login
information with an automated brute force attack and then shop your
password around to unlock as many sites as possible.
How would you fare? Would a hacker be able to access your work email, your
social media pages, your bank account? Consider using stronger and
different passphrases for all your accounts. If you have trouble keeping
these in order, try using a password manager.
Don’t Get Lazy, Update Your Software
Nothing is more annoying than software notifications disrupting your work
flow to ask you to update your programs. You hit ‘remind me tomorrow’ but
you are really saying ‘leave me alone!’ Why are they so persistent?
As it turns out, software updates are vital to the health of your company.
Software developers regularly release security updates and patches for
their programs, and the hacker community is keenly aware of these security
gaps. If you want to prevent advanced security attacks, update your programs
regularly or turn on automatic updates.
Bring Shadow IT Out of the Dark
Your company probably provides a list of approved programs for your
employees including chat services, box services and more. Still, your
employees likely have their own favorite products and services. Maybe it’s
just easier to chat over an open source platform or store files in an
unapproved cloud. But who knows if these programs are trustworthy? Even if
they are, it is nearly impossible for IT departments to manage and secure
these rogue platforms from cyberattack.
This is what is known as Shadow IT, and it’s a big problem for companies
everywhere. While it’s nearly impossible to stop your employees from using
Shadow IT, at least urge them to disclose any unapproved programs to IT for
better security and monitoring.
Shy Away from Public Wi-Fi
More and more offices adopt ‘work from home’ and ‘bring your own device’
policies to reduce operating costs, boost productivity and improve employee
satisfaction. And it’s working! Turns out nearly 45 percent of employees
regularly telecommute.
What’s troubling, however, is that more than 60 percent of web users think
public internet is safe to use! Far from it: hackers often deploy
‘honeypot’ and ‘man in the middle’ attacks to fool users into joining bogus
Wi-Fi hotspots or to pilfer crucial data transfers to and from your business.
Yikes!
Educate your employees about the risk of public Wi-Fi and encourage them to
use a virtual private network (VPN) or personal hotspot when surfing the
web in public, and even then, to use caution.
Develop A Contingency Plan
Cyberattacks happen. No way around it. If you want to prevent advanced
security attacks, it’s best to work with a reputable cybersecurity provider
who can manage your defenses when you can’t. If an attack does breach your
network, they can help reduce the damages, sniff out secondary attacks and
get your business back on track.
Remember to develop a contingency plan. What happens after a hacker
compromises your system? How do you quarantine the incident? How should it
be reported? How should it be remedied? These are questions you want to ask
before an incident, not after.
While there are numerous cybersecurity checklists online, it’s important to
remember that protecting your business from hackers is a process rather
than a one-and-done deal. By educating your employees about the risk of
cybercrime you can turn your weakest links into your army of advocates.