[BreachExchange] Data Security: Spotting a scam before disaster

Audrey McNeil audrey at riskbasedsecurity.com
Fri Sep 30 13:37:25 EDT 2016


http://www.biznology.com/2016/09/data-security-spotting-scam-disaster/

Data is everywhere, and as long as it’s out there, hackers will try to get
it. If your company falls victim to a data breach, no matter how large or
small, you lose money and customer trust. Data shows the average
consolidated total cost of a data breach grew from $3.8 million in 2015 to
$4 million in 2016, and the average cost to a business for each lost or
stolen record of sensitive and confidential information rose from $154 to
$158.

While no data security will ever be 100% hacker-proof, there are ways to
spot a scam before disaster strikes. These data security tips will help you
protect your reputation and your customers.

Teach Employees Signs to Look For

Show everyone what phishing emails look like, and teach them to avoid opening suspicious
emails. Run some mock phishing attacks of your own against your employees
to see how well they are equipped to respond, and test the management team
to see how well they’re enforcing the policies. Any email attachments
should be scanned through your email’s virus scanner before they are
downloaded. Links should be double checked before clicking. Teach employees
to hover over the link and look closely at the URL to make sure the URL
matches the proposed destination.

Set a Company-Wide Policy

Talk with your IT team or meet with security consultants to help you
develop a company-wide policy on how to use the computer systems. Include
what’s acceptable and what’s not, such as rules about when and how to
respond to an email that looks suspicious. Outline social media usage
expectations, as someone, somewhere, will have to maintain your corporate
social media accounts. Leaving the websites accessible at work also opens
the door to personal social media use, which could put company data at
risk. Set protocols about how often employees are required to change
passwords, and make sure they know how to set good, secure passwords that
they can still remember.

Implement a High-Quality SPAM Filter

Spam inundates mailboxes all over the world, and no matter what you do,
you’re never going to stop it. In the first quarter of 2016, there was a
sharp increase in email antivirus detections: more than 22 million, and
that’s for a single antivirus solution. This number is four times higher
than the first quarter of 2015. Many phishing scams start with emails that
most SPAM filters will catch. However, even the highest quality filters may
block out legitimate emails, so be sure to check them regularly.

Keep Your Systems Up-to-Date

Software is updated often to catch security holes that make it easier for
hackers to get in. The longer you go between updates to cover those holes,
the higher the risk of falling victim to a data breach. The easiest
way to do this is to set all computers in your office to run automatic
updates, and require anyone who’s telecommuting to do the same.

Run Anti-Virus Software

No anti-virus software is perfect, but something is better than nothing. As
with other software, allow it to update regularly to get new virus
definitions. Run regular virus scans to ensure that no malicious files were
inadvertently downloaded to your system.

Use Two-Factor Authentication

Two-factor authentication requires a second step to log in successfully,
which protects the account if an employee’s credentials are ever
compromised. For instance, when a new sign-in happens, a code is sent to
the employee via text message or phone call, and that code must be entered
correctly before access to the account is allowed.

Scams are all over the Internet, and anyone who doesn’t know what to look
for could easily put your data at risk. Teaching employees is a critical
step, but without other security measures in place to act as additional
protection, your data will always be at risk.