Cybersecurity threats present a growing and dynamic challenge for businesses of all sizes. Unfortunately, they are commonplace: Forbes notes that 60% of the organizations surveyed had been breached in the last two years, and 31% had been breached more than once. The threats organizations face range from the headline-grabbing data breach to malware, downtime, and the loss of operational efficiency. In this blog, we'll discuss four ways to help improve an organization's cybersecurity posture.
Implementing cybersecurity practices often presents distinct resource and organizational challenges. These challenges grow apace with the changing size and complexity of the business. The following steps may help companies to improve their cybersecurity practices and achieve a new level of security readiness.
1. ESTABLISH A TRAINING POLICY
Though it tends to be the least popular step, providing knowledge-based information and training isn't just an item to check off an annual list.
Periodic training of all employees on cybersecurity threats and practices is an essential step to security readiness, and this step may require the establishment and dissemination of a baseline level of cybersecurity knowledge within your organization. Training content that is relevant and up to date can only take employees so far.
The main element lost in cybersecurity training is oftentimes the people. Previous reports show that 90 percent of corporate data breaches in the cloud happen due to the actions people take, not due to a cloud provider.
Educate employees at all levels
Testing all employees with "phishing" emails from IT/Security:
- Phishing emails often compel an employee to perform an action that may endanger organization security
- Send fake phishing emails to select employees
- The results of the employee interaction should be confidential
- Provide aggregated and anonymous results to steer security awareness at all levels (company-wide, all-hands, etc.)
Another approach is to have employees engage in "social engineering" encounters:
- Each individual's access to physical or software systems is an exploitable point of failure
- Challenge employees with requests from unverified sources for information or access that is restricted
- Challenge employees with scenarios such as a person with crutches asking someone to 'badge' them into a building or area
- Provide results to raise awareness at the intersections of the human element of cyber and physical security
Another way to reinforce any training is to ensure that cybersecurity framework concepts become an organic part of frequent actions and collective decisions. Working with IT or those in IT security can keep best practices top of mind and may ensure that employees at all levels are surrounded by positive reinforcement of cybersecurity best practices.
The following activities can help to further reinforce good cybersecurity hygiene:
- Reinforce device "locking" when employees are away, or a device is not in use:
  - Locking a computer or device restricts unwanted physical access to local and network resources
  - Users are required to identify and authenticate themselves prior to continuing usage of local or network resources
  - Seeing other locked devices around them should reinforce this behavior at all levels
  - Use positive peer pressure to remind colleagues when their devices may not be secured
- Reinforce identification for access to restricted physical or digital resources:
  - Ensure that everyone understands that it may not be security-friendly to 'hold the door' for others to a building, or restricted physical areas
  - Do not encourage the sharing of credentials or the shared use of devices
- Reinforce authorization for access to restricted physical or digital resources:
  - Ensure that employees check with the proper point of contact (manager, etc.) even when credible requests are received for sensitive information
  - Even a routine request from a known vendor or other entity should be confirmed when that request may require access to restricted or sensitive information
2. DEFINING POLICY
Even with proper training, the inevitable security incident may occur, so establishing clear steps for all employees to follow when responding to a security incident is of utmost importance. Depending on the nature of one's business, training may already cover the processes to follow in the event of a security incident. Regardless of whether these steps are directly covered, all employees must know whom to contact and what information to provide.
- Establish security contacts within each organizational group to facilitate the response to an incident:
  - Security contacts spread across the organization facilitate a horizontal sharing of information
  - Security contacts encourage the reporting of security incidents at the time they are discovered
  - Security contacts may have the ability to respond to an incident locally, which may improve response time and security incident outcomes
- Establish a clear process for both security contacts and the incident reporter:
  - Did the user click something in a suspicious email?
  - Was an unauthorized device connected to a secure network?
  - Is the issue related to unauthorized software or malware?
  - The reporter of the incident should know whom to contact and in what time-frame
  - The point of contact should know their next steps and the information that should be documented
  - The next steps in the response chain will benefit from everyone knowing what must be done when an incident has been identified
- Make reporting a security incident a positive activity within the organization
- Internal points of contact will coordinate as necessary to handle communicating with outside organizations
- A specific point of contact should handle communication with outside organizations as a part of responding to a security incident
3. AUTOMATING CYBER HYGIENE
Cyber hygiene is a growing set of best practices to maintain the overall cybersecurity health of your organization. Training employees on cybersecurity is a necessity, but the automation of best practices makes it even easier to experience positive outcomes.
Here are a few basics to automate that can take the guesswork out of security:
- Strong passwords (typically this means longer)
  - National Institute of Standards and Technology (NIST) SP 800-63-3
- Enterprise Password Manager
- Multi-Factor Authentication
  - Something you know (password)
  - Something you have (2nd factor)
- Automated Phishing Detection
  - Mark emails as suspicious or take other actions automatically.
- Automated Endpoint Encryption
  - Make encryption of devices automatic for employees.
- Automated Software Updates
  - Make updating and patching critical software routine, not requiring user initiation.
Each device, piece of software, and system within an organization represents a potential security risk. An endpoint may be used in an unauthorized manner, or a piece of critical software may have unpatched vulnerabilities. Maintaining a regular security inventory of your systems helps position you to respond to a security incident.
The following guidelines may assist you in creating an inventory and risk process:
- Maintain a regularly updated information systems inventory.
- Audit your organization's devices, systems, and software.
- Document the internal or external systems with which they interact.
- Maintain security incident response plans.
- Implement security policies.
- Use the audit to request a risk assessment or perform one within your organization.
- Perform a tiered risk assessment via the NIST Risk Management Framework.
- Validate current security controls.
- Determine if new security controls are necessary.
- Continuously monitor for change.
4. MONITORING THIRD PARTIES
Preventing unwanted change via real-time monitoring is truly the end goal of cybersecurity and cyber hygiene practices. Vendor risk management is often overlooked and should be included within these practices. Utilizing next-generation file and system integrity monitoring software ensures the availability and integrity of your critical IT assets by instantly detecting all changes to your applications and infrastructure.
When a change is detected, a file and system integrity monitoring solution should capture this change at the exact moment it occurs and provide a detailed audit trail of the incident, including:
- Where the change was made
- When the change took place
- Who made the change
- How the change was made
- What was changed
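The baseline-and-compare step behind such an audit trail, as an added example (not code from the original post or from any monitoring product). Function names, record fields and the sample files are assumptions; it polls on demand rather than detecting changes in real time.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def diff(baseline, current, root):
    """Return one audit record per added, removed or modified file."""
    detected = datetime.now(timezone.utc).isoformat()
    records = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "modified"
        # File metadata names only the owner, not the account or process that
        # made the change: "who" and "how" have to come from OS audit events
        # (assumed to be collected separately and joined on path and time).
        owner = Path(root, path).stat().st_uid if new else None
        records.append({"where": path, "when_detected": detected, "what": change,
                        "old_sha256": old, "new_sha256": new, "owner_uid": owner})
    return records


def demo():
    """Constructed sample tree: one file modified, one added, one removed."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "app.conf").write_bytes(b"debug=false\n")
        Path(root, "run.sh").write_bytes(b"#!/bin/sh\n")
        baseline = snapshot(root)
        Path(root, "app.conf").write_bytes(b"debug=true\n")
        Path(root, "new.bin").write_bytes(b"\x00")
        Path(root, "run.sh").unlink()
        return diff(baseline, snapshot(root), root)


if __name__ == "__main__":
    for record in demo():
        print(record)
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise whoever changes a file can also update its recorded hash.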
February 20, 2020