[BreachExchange] Information security: 5 ways to better protect your company

Audrey McNeil audrey at riskbasedsecurity.com
Fri Mar 9 14:53:04 EST 2018


https://www.bizjournals.com/sacramento/news/2018/03/08/information-security-5-ways-to-better-protect-your.html

The business risks associated with cyberattacks have never been higher, and
cybercriminals are improving their offensive measures every day. Here are
five steps you can take to improve your defense when it comes to
information security.

1. Train your employees

Cybercriminals are sending malicious emails to companies and their
employees every day. The first step to improve your company’s information
security is to educate employees on what to look for and how to respond to
suspicious emails. Organize seminars, presentations or videos explaining to
employees why information security is important and what they can do to
help keep their digital assets safe, both at home and at work.

2. Test your employees with fake phishing emails

Employees pay more attention to training when they know they will be tested
on it. We recommend working with your information technology team to
perform regular testing that will identify further training opportunities
for staff. Testing is not meant to “catch” employees making mistakes.
Instead, it is there to help the organization better defend against data
breaches.

3. Enable multifactor authentication wherever possible

Web-based email (and many other systems) can often be accessed with a
simple username and password. Multifactor authentication adds another layer
beyond just the username and password (sometimes a text message, or other
rotating random code) to the login process to protect your accounts. Work
with your IT team to determine which sensitive systems might be able to
take advantage of multifactor authentication.

4. Deploy (and redeploy) enterprise-grade perimeter and endpoint protection

While PCs, servers, and most networking equipment have a useful life of
five or more years, technology advancements with perimeter security
(firewalls) and endpoint protection (antivirus and antimalware) mean that
you should work with your IT team more frequently to evaluate if your
security platforms are still considered best in class. We typically
recommend considering new security technology roughly every three years and
potentially more regularly than that depending on the client’s industry.

5. Secure sensitive passwords in an encrypted vault

We all have too many passwords these days to remember them all in our
heads. Employees often save passwords within Outlook (never a good idea, as
all passwords are accessible if the email account is ever breached) or in
unencrypted Word or Excel documents on their computers. There are several
reputable password management platforms that employees can use to store
their passwords securely using encryption. Even password-protected MS Word
or Excel files offer built-in encryption options that are far better than
nothing.

In the “game” of information security, there are clearly benefits to
building a strong defense for your organization. Just one of these
proactive steps may be the difference between yet another day at the office
and a day filled with ransomware, financial and productivity loss and
reputational damage. Stay safe out there.