2017 has been a big year for digital transformation, with massive leaps forward in cloud computing, productivity and collaboration software, Big Data, and the Internet of Things. It has also been a big year for attackers. This year alone has seen major cybersecurity disasters such as WannaCry, the Petya and NotPetya ransomware outbreaks, the Cloudbleed data leak, and the Shadow Brokers' public release of stolen NSA exploit tools in April, which WannaCry went on to use the following month. As we look toward the future and begin to upgrade our IT environments, it is easy to feel invincible. That feeling is dangerous. It is precisely because of these leaps forward in technology that we must keep security at the forefront of everything we do, or risk watching it all come crashing down before our eyes.
Let’s face it: cyberattacks are happening constantly. In 2016 alone, industry reports put the number of devices compromised by ransomware at an average of 55,000 per month. Whether targeted or automated, these attacks range from phishing individuals for their data to financial crimes on a monumental scale. Some attacks do exploit flaws in software, but those bugs are usually found and patched quickly; the damage comes when the patch is never applied. WannaCry, for example, spread through a Windows flaw that Microsoft had fixed two months earlier. Per reports, most successful attacks trace back to some form of human error.
Don’t Forget the Basics
The human error in question may be a malicious insider who leaks confidential information or uses their credentials to steal from the organization, but reported incidents of that kind are relatively rare compared to inadvertent mistakes. Those mistakes include falling for increasingly sophisticated phishing, poor password hygiene, deferring recommended updates after patches become available, and holding more permissions than the job requires. Even the smallest, most innocuous action can leak valuable company information.
Healthy password hygiene is the first line of defense for your organization’s security. Good hygiene means a password that has not been used before, contains nothing personal or guessable about the user, and is not a duplicate of a password the user has on personal accounts outside the organization. Steps you can take to protect user accounts at this level: ban common and previously breached passwords, drop character-composition rules and periodic mandatory resets (current NIST SP 800-63B guidance, since both push users toward predictable patterns), and enforce multi-factor authentication.
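The checks above, as an added Python example that is not part of the original post: a password is rejected if it is too short, on a banned common-password list, contains a user attribute such as the username, repeats a password from the user's own history, or appears in breach data. The breach lookup follows the Have I Been Pwned range API (only the first five hex characters of the SHA-1 hash are sent; the suffix is matched locally), but to run offline it reads a constructed fixture instead of making the HTTP call. The minimum length of 12, the tiny banned list, the fixture contents and its counts are all assumptions; the SHA-1 of "abc" is the standard test vector.

```python
import hashlib
import hmac
import os
from typing import Callable, Iterable, List, Tuple

MIN_LENGTH = 12  # assumed policy value; NIST SP 800-63B requires at least 8

# Constructed, deliberately tiny banned list. A real deployment loads the most
# common passwords from a breach corpus or a vendor list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Constructed stand-in for the Have I Been Pwned range endpoint
# (GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>), which
# returns one "<remaining 35 hex chars>:<count>" line per leaked hash sharing
# that prefix, so the full hash never leaves the client.
# SHA-1("abc") = A9993E364706816ABA3E25717850C26C9CD0D89D; the counts are made up.
FAKE_RANGE_RESPONSES = {
    "A9993": "E364706816ABA3E25717850C26C9CD0D89D:3730471\n"
             "0018A45C4D1DEF81644B54AB7F969B88D65:1\n",
}


def offline_fetch_range(prefix: str) -> str:
    """Offline replacement for the HTTP call; returns the constructed fixture."""
    return FAKE_RANGE_RESPONSES.get(prefix, "")


def pwned_count(password: str,
                fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """k-anonymity lookup: send only the 5-char prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def remember(password: str) -> Tuple[str, str]:
    """Produce a salted PBKDF2 record of an accepted password for later reuse checks."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex(), digest.hex()


def was_used_before(password: str, history: Iterable[Tuple[str, str]]) -> bool:
    """Re-derive each historical hash with its own salt and compare in constant time."""
    for salt_hex, hash_hex in history:
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), 100_000)
        if hmac.compare_digest(digest.hex(), hash_hex):
            return True
    return False


def evaluate_password(password: str, user_attributes: Iterable[str] = (),
                      history: Iterable[Tuple[str, str]] = (),
                      fetch_range: Callable[[str], str] = offline_fetch_range) -> List[str]:
    """Return every policy violation found; an empty list means the password is acceptable."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        reasons.append("on the banned common-password list")
    for attr in user_attributes:  # username, name parts, company name, ...
        if len(attr) >= 3 and attr.lower() in lowered:
            reasons.append(f"contains user attribute {attr!r}")
    if was_used_before(password, history):
        reasons.append("reused from password history")
    seen = pwned_count(password, fetch_range)
    if seen:
        reasons.append(f"seen {seen} times in breach data")
    return reasons


if __name__ == "__main__":
    for candidate in ["abc", "Password", "alice-wonderland-2017", "tangerine-harbor-lamp-42"]:
        print(candidate, "->", evaluate_password(candidate, ["alice", "acme"]) or "OK")
```

Note that `evaluate_password` collects every reason instead of stopping at the first one, so the user sees the whole picture once, and that the reuse check never stores or compares plaintext: only salted PBKDF2 digests are kept.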
Making sure the patching process is regularly scheduled and understood by end users is another key way to keep devices protected with the latest updates and fixes. If users keep deferring the restart that installs an update, the machine stays exposed to flaws that have already been fixed, and that leads to major problems down the road.
Another tried-and-true way to prevent data security issues is to apply the principle of least privilege across the organization’s IT infrastructure: give users only the access to sensitive data and systems they need to perform their job responsibilities, and nothing more. Because access accumulates as people change roles and projects, it is equally important to review on a fixed audit schedule which roles and systems each user can reach, and to remove what is no longer needed.
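One shape such a scheduled access review can take, as an added Python example that is not from the original post: a baseline of the permissions each role is entitled to is compared against a snapshot of what accounts actually hold. The audit flags permissions beyond the role baseline, accounts whose role has no baseline at all (which cannot be judged automatically), and accounts holding sensitive permissions that have not logged in for longer than a threshold. The roles, permission names, accounts, login dates and the 90-day dormancy threshold are all constructed for the example.

```python
from datetime import date

# Constructed baseline: the permissions each job role legitimately needs.
ROLE_BASELINE = {
    "helpdesk": {"reset_password", "read_tickets"},
    "developer": {"read_repo", "write_repo", "read_staging_db"},
    "dba": {"read_prod_db", "write_prod_db", "read_staging_db"},
}

# Permissions whose holders deserve extra scrutiny when the account goes quiet.
SENSITIVE = {"read_prod_db", "write_prod_db"}

# Constructed snapshot of what the IAM system actually grants today.
ACCOUNTS = [
    {"user": "alice", "role": "developer",
     "granted": {"read_repo", "write_repo", "read_staging_db"},
     "last_login": date(2017, 9, 20)},
    {"user": "bob", "role": "helpdesk",  # kept a grant from an old project
     "granted": {"reset_password", "read_tickets", "write_prod_db"},
     "last_login": date(2017, 9, 28)},
    {"user": "carol", "role": "dba",  # on leave; privileged account sitting idle
     "granted": {"read_prod_db", "write_prod_db", "read_staging_db"},
     "last_login": date(2017, 5, 1)},
    {"user": "svc-backup", "role": "backup-job",  # role nobody has defined
     "granted": {"read_prod_db"},
     "last_login": date(2017, 9, 30)},
]

AUDIT_DATE = date(2017, 10, 1)  # assumed date the review is run


def audit_access(accounts, baseline, today, dormant_after_days=90):
    """Compare granted permissions to the role baseline and flag deviations.

    Returns one finding dict per problem: permissions beyond the baseline,
    roles with no baseline (cannot be judged, so reviewed by hand), and
    accounts holding SENSITIVE permissions with no login in dormant_after_days.
    """
    findings = []
    for acct in accounts:
        user = acct["user"]
        allowed = baseline.get(acct["role"])
        if allowed is None:
            findings.append({"user": user, "issue": "unmapped-role",
                             "detail": sorted(acct["granted"])})
            continue
        excess = acct["granted"] - allowed
        if excess:
            findings.append({"user": user, "issue": "excess-permissions",
                             "detail": sorted(excess)})
        idle_days = (today - acct["last_login"]).days
        if idle_days > dormant_after_days and acct["granted"] & SENSITIVE:
            findings.append({"user": user, "issue": "dormant-privileged",
                             "detail": idle_days})
    return findings


def run_audit():
    """Run the review over the constructed snapshot as of AUDIT_DATE."""
    return audit_access(ACCOUNTS, ROLE_BASELINE, AUDIT_DATE)


if __name__ == "__main__":
    for finding in run_audit():
        print(f"{finding['user']:12} {finding['issue']:20} {finding['detail']}")
```

The point of keying the baseline by role rather than by person is that the review then asks the question least privilege actually poses: not "does this user have a lot of access?" but "does this user have access their role does not justify?". Unmapped roles are surfaced rather than silently treated as allowed, because an account nobody can map to a job is exactly the kind that accumulates rights unnoticed.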
Security on the Mind
Keeping human error in mind lets us identify the issue and keep security at the forefront when training employees and updating equipment. That said, if we make processes and policies too complicated for end users by piling on steps, they will find ways around them, circumvent the controls, and end up frustrated. That also hurts their productivity and their ability to do their jobs. It is vital that everyone in the organization feels empowered rather than obstructed.
As you keep users updated and informed about the evolving IT environment, also consider the implications each decision within your organization has for its security posture. This includes hiring decisions, vendor relationships, new equipment purchases, and regular day-to-day activities. That may sound overly cautious, but given the consistently volatile state of cybersecurity, being overly cautious is a survival technique.
It may sound cynical, but you must always assume your organization is being targeted by somebody, whether directly or as one of thousands of machines swept up by an automated attack. Keeping security at the forefront of everything you do will not make an attack impossible, but it makes one far less likely to succeed and far easier to contain when it does.
What methods do you employ to protect your organization? Contact us for more information on keeping security in the forefront of everything that you do.