Hackers definitely made their presence known in the last year. As a result, CISOs and their teams are on their toes to stay one step ahead.
We can all benefit from lessons learned. In fact, identifying an enterprise’s security risks should be an ongoing occurrence. As part of its “How-To” series, CIO identifies the following six causes of security breaches and provides suggestions on what your organization can do to reduce them:
Risk No. 1: Disgruntled Employees
Solution: Identify all privileged accounts and credentials [and] immediately terminate those that are no longer in use or are connected to employees that are no longer at the company.
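As an added illustration of this step (not code from the CIO article or from Blue Mountain Data Systems), the following Python script reconciles a privileged-account export against the HR roster of active employees and each account's last-login date, flagging accounts whose owner has left or that have sat unused past an idle threshold. The account names, roster, dates and the 90-day threshold are all constructed assumptions; in practice the two lists would come from the directory or PAM tool and the HR system.

```python
"""Reconcile privileged accounts against an HR roster and last-login data.

Added example, not from the CIO article. All data below is constructed.
"""
from datetime import date

# Constructed sample: privileged accounts exported from a directory / PAM tool.
# "owner" is the employee ID responsible for the account (None for service accounts).
PRIVILEGED_ACCOUNTS = [
    {"account": "admin.jdoe",   "owner": "jdoe",   "last_login": "2023-11-02"},
    {"account": "svc-backup",   "owner": None,     "last_login": "2024-01-15"},
    {"account": "admin.asmith", "owner": "asmith", "last_login": "2024-03-01"},
    {"account": "admin.old",    "owner": "rlee",   "last_login": "2022-06-30"},
    {"account": "svc-legacy",   "owner": None,     "last_login": "2023-01-10"},
]

# Constructed sample: HR roster of currently employed staff ("rlee" has left).
ACTIVE_EMPLOYEES = {"asmith", "jdoe"}


def audit_privileged_accounts(accounts, active_employees, today, max_idle_days=90):
    """Return {account: {"action": ..., "reasons": [...]}} for accounts needing attention.

    "terminate": the owner is no longer employed, or the account has not been
                 used within max_idle_days (assumed threshold).
    "review":    a service account with no accountable owner; it is not removed
                 automatically because something may still depend on it.
    Accounts with an active owner and recent use are not reported.
    """
    findings = {}
    for acct in accounts:
        owner = acct["owner"]
        idle_days = (today - date.fromisoformat(acct["last_login"])).days
        terminate_reasons = []
        review_reasons = []

        if owner is not None and owner not in active_employees:
            terminate_reasons.append(f"owner {owner} no longer employed")
        if idle_days > max_idle_days:
            terminate_reasons.append(f"unused for {idle_days} days")
        if owner is None:
            review_reasons.append("service account has no accountable owner")

        if terminate_reasons:
            findings[acct["account"]] = {
                "action": "terminate",
                "reasons": terminate_reasons + review_reasons,
            }
        elif review_reasons:
            findings[acct["account"]] = {"action": "review", "reasons": review_reasons}
    return findings


def run_audit(today=date(2024, 4, 1)):
    """Run the audit over the constructed sample; the date is a fixed assumption."""
    return audit_privileged_accounts(PRIVILEGED_ACCOUNTS, ACTIVE_EMPLOYEES, today)


if __name__ == "__main__":
    for account, finding in run_audit().items():
        print(f"{finding['action'].upper():9} {account}: {'; '.join(finding['reasons'])}")
```

The orphaned admin account of the departed employee and the long-idle accounts are marked for termination, while the unowned but recently used service account is only queued for review so that an owner can be assigned before anyone decides whether to keep it.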
Risk No. 2: Careless or Uninformed Employees
Solution: Train employees on cybersecurity best practices and offer ongoing support. Hold training sessions to help employees learn how to manage passwords and how to recognize and avoid criminal activity such as phishing and keylogger scams. Provide ongoing support to make sure employees have the resources they need.
Also, make sure employees use strong passwords on all devices. Encryption is essential. To be extra safe, implement multifactor authentication.
Risk No. 3: Mobile Devices (BYOD)
Solution: Make sure you have a carefully spelled out BYOD policy. Implement mobile security solutions that protect both corporate data and access to corporate systems while also respecting users’ privacy through containerization.
Risk No. 4: Cloud Applications
Solution: The best defense against a cloud-based threat is to defend at the data level using strong encryption.
Risk No. 5: Unpatched or Unpatchable Devices
Solution: Institute a patch management program to ensure that devices and software are kept up to date at all times.
Risk No. 6: Third-party Service Providers
Solution: Validate that any third party follows remote access security best practices, such as enforcing multifactor authentication, requiring unique credentials for each user, setting least-privilege permissions and capturing a comprehensive audit trail of all remote access activity.
For more detail on these security risks and their solutions, see the full CIO article.
IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.