6 Best Practices for Cybersecurity in 2017
Every organization strives to have the best cyber security possible, but with the number of data breaches from insiders in the headlines today, keeping up to date with new security practices is crucial. It can also be time-consuming. So, assuming you have the basics down (encrypting data, firewalls, etc.), the best practices outlined below for 2017 are items you may not have previously considered, but definitely should. Check out this list of best practices for cyber security as you consider your Insider Threat planning this year:
- Identify and Protect Your Unstructured Data
Unstructured data contains insights and business information that can be very valuable to an outside party. Because it is, by nature, unstructured, identifying this data can be tricky. Once identified, it is important that it is stored in a specific location, because information is so easily transported these days that it can turn up in unforeseen (often vulnerable) places. Make sure this precious data is always locked down and not accessible to malicious outsiders.
- Review Access Control Policies
Do you know who has access to your most valuable data and assets? It is important to be careful about who can gain entry to your secured data. A recent study revealed that only one-third of companies know how many vendors access their systems! Ideally, you’ll create specific access controls for all your users (including vendors and contractors) so you can limit their entry to only the systems they need for their day-to-day tasks. This will limit the exposure of your sensitive data and keep you apprised of specific user activities (who is doing what, when and where).
- Beware of Social Engineering
All the technical IT security you implement can’t take the place of good judgment or account for innocent mistakes. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Even so, no one is exempt. The FBI suffered a social engineering attack last year which leaked identifying information on 20,000 FBI agents. Attempts like this one may come by phone, email or other communication with your users. The best defense is to educate and train your users, which brings us to our next point…
- Educate and Train Your Users
No matter how skilled they are, your users will always be the weakest link when it comes to securing your most valuable information. But the good news is, security teams can limit this risk through regular training and education pertinent to the organization’s cyber security policies. This training should include how to recognize a phishing email or a vishing scam, how to create heavy-duty passwords, how to avoid dangerous applications, how to take information out of the company in a secure fashion, and other germane user security risks.
- Monitor User Behavior
Trust but verify. While competent, trained users can be the front line in cybersecurity, technology is still the best line of defense. Insider threat monitoring and analytics allow you to monitor users (even as anonymous entities) to verify that their activities meet the organization’s security standards. If a malicious outsider gains access to their log-in information—or if an insider chooses to take advantage of their system access—you will be immediately notified of the suspicious activity and can take the steps necessary to rectify the situation. Monitoring can also help you address gaps in compliance.
- Review New Compliance Requirements
Regulations like HIPAA, PCI, SOX, DSS, EU GDPR, NISPOM, and ISO offer standards for how your business should conduct its security. It’s always important to keep up-to-date on the latest requirements and keep your technology current. Although preparing audit logs can seem like a hassle, compliance can help guide your business to cybersecurity success!
We hope this list of 6 best cybersecurity practices helps as you consider your priorities for this year.