[BreachExchange] How to Avoid Self-Inflicted Cybersecurity Wounds

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 10 19:01:57 EDT 2018


https://blogs.findlaw.com/in_house/2018/07/how-to-avoid-
self-inflicted-cybersecurity-wounds.html

Surprising as it may seem, the next cybersecurity breach will probably come
from the inside.

That's because employees are often the source of the problem; they don't
practice safe-internet. Disgruntled workers, too, may leave behind viruses
that are harder to get rid of than an STD.

So if your company has a tendency for self-inflicted cyber wounds, the
first thing to do is remove all the sharp objects. This is the inside story
about how to fight cyberattacks.

Trojans and More

"Trojans" started with an ancient wooden horse -- not a prophylactic.
Fast-forward past the misnomer, and now they are malicious programs that
get into your computer system.

Like most cyberattacks -- ransomware, phishing, and viruses -- they come
through the front door. Typically, an employee invites them in when they
open an email, download an attachment, or visit a web site.

How to fight these invasions? In a word, training, training, and training.

"Security awareness training is often overlooked but is as important as any
anti-malware system within an overall security strategy," writes Michael
Trachtenberg for Forbes.

Ongoing, Remediation and More

Trachtenberg, a chief technology officer, recommends a training site with
ongoing and remediation training. Build a cybersecurity training
curriculum, too.

"Have these training lessons built into the onboarding process, and hold
people accountable for learning the material," he says.

Cyber accountability begins at the door -- where workers start and end
their jobs. If you have employees who don't take cybersecurity seriously,
you may have to show them the door to a safer location.

If the people of Troy had looked a little closer, they probably would have
seen the enemy inside that wooden horse.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180710/9b9cbdaf/attachment.html>


More information about the BreachExchange mailing list