With the number of highly publicized data leaks and breaches on the rise, cyber security continues to be a hot topic throughout 2016. Upper managers ask themselves, how to increase information security inside their companies. What solutions and cyber security practices need to be employed in order to provide reliable network and data protection?
Everyone is aware of the importance of using anti-viruses and firewalls. By using products from the best cyber security companies and keeping them up to date, you can build reliable foundation for the computer security of your organization. However, the key to great protection lays in the layered and comprehensive approach. Well-known information security practices, such as backups, anti-viruses, and firewalls are only the beginning. Corporate cyber security landscape keeps changing and evolving and security measures keep adapting. It is important to keep up to date and use a combination of latest security practices and solutions to set up a truly layered complex defense.
With this in mind, we present you with the best practices IT security field has to offer this year, that you may not be aware off:
1. Keep software up to date
It is a no-brainer to keep your anti-virus up to date. However, many companies for some reason have trouble wrapping their heads around the concept of keeping every software updated. Most organizations use legacy software and older version without realizing that they often have critical vulnerabilities that attackers can use to easily get access to sensitive data or infrastructure. There is no use in putting up firewall, when you use an old web-browser with a lot of known vulnerabilities.
2. Maintain effective security policy
Security policy is a backbone of your protection that should serve to establish and formalize security procedures inside your organization. Not every company has a security policy, but even the ones, which do, frequently do not enforce it effectively. Employees are quick to sacrifice any security guidelines for convenience if they are not properly enforced. Enforcement needs to start with upper management and move down, ensuring that every employee is aware of the policy.
3. Rise employee awareness
IT security best practices and trends tend to rarely be the point of concern for a regular employee. However, inadvertent actions of such uneducated employees can cause major security breaches. Educating your employees not to leave their laptops and mobile devices unattended or not to use unprotected applications, stay aware of fishing websites, etc., can go a long way in strengthening your corporate cyber security. By rising their security awareness and actively involving them into maintaining security, you create a healthy data protection environment.
4. Prohibit password sharing
Password sharing can be a major issue and is mentioned in any IT security tips list. It allows employees with the limited level of entitlement to circumvent company security policies and gain access to data that they are not supposed to have access to. You need to educate your employees on the dangers of password sharing and actively discourage it.
5. Disable access on termination
Companies often do not bother deleting login information of former employees. As a result, ex-employees retain their access to company systems, allowing them to commit malicious actions, such as data theft. It is important to disable access of former employees immediately upon termination.
6. Take steps to combat spam
With the rise of ransomware and other types of viruses spreading through emails, employing counter-measures against spam quickly became on one of the most important and best cyber security practices in 2016. Malicious software, sent via email can be very dangerous, when landing in an inbox of an uneducated employee. It is important to not only properly setup an automatic spam filter, but also to educate your employees on the danger of clicking unfamiliar links.
7. Keep an eye on privileged users
Practice shows that users with privileged accounts pose the most danger to the company. Although they are highly trusted, they also have high level of access to valuable data and as a result are much more tempted to steal, alter, or use it for their own benefit. Solutions to control and monitor actions of privileged users should be employed in order to make sure that the company is protected from this most trusted, yet most risky group.
8. Manage third-party vendors
Opening access to sensitive data and company infrastructure to third-party vendors rises the risk of data loss and security breaches. It is important to establish strong security policies when dealing with third-party vendors and subcontractors. All the necessary procedures, such as storing and deleting data, providing and terminating third-party access to your system should be established in the contract. When opening access to your data and network resources from a remote location, make sure to follow best practices for network security, such as using protected connections and encrypted data transfer protocols. You may also want to establish user activity monitoring for third-party vendors working directly with sensitive data or critical configurations.
9. Be wary of USB devices
Flexibility of USB devices made them very popular in a business environment. What is easier for transporting the large number of files, than to use a small USB thumbstick or external hard drive? However, such devices pose a major security vulnerability. They can be used to easily spread malware or steal critical data. Control and monitoring of USB devices is among data security best practices. You should definitely consider using automated USB detection and blocking tool, or a more sophisticated dedicated solution.
10. Monitor application access
Access to critical applications needs to be thoroughly monitored in order to prevent any potential data leaks. The most basic way to do this is to collect detailed logs. However, in terms of cyber security, logs may not always prove enough. If users sharing the same account, it can be hard to know who accessed an application. System-wide secondary authentication, or an application-specific additional access control are often required.
11. Assess risks
In order to create an effective security system, you need to know where your organization stands in terms of reliability of its security and what dangers it really faces. You can conduct an audit and use various security reports in order to gather the necessary data and statistics to make an accurate risk assessment and channel your security efforts into where they need to be.
12. Develop incident response strategies
It is important to realize that cyber attacks and security breaches happen to everybody. Regardless of the strength of your defenses, it is always a matter of “when”, not “if”. And when the incident eventually happens, you need to know exactly what to do. It is important to realize the types and directions of attack your company is most likely to be a subject of and develop appropriate incident response strategies in advance. This will greatly reduce your response time and costs in the long run.
Learn also how to protect your computers from data misuse.
How Ekran System can help you implement this practices
Ekran System is a dedicated solution to control and monitor user actions, designed primary to detect and prevent insider threats. While anti-viruses and firewalls are used to effectively secure the perimeter around your data, Ekran System can protect sensitive data and infrastructure from access from within, allowing you to set up more complex and layered security. With rich set of features, it can be a powerful asset in implementing security practices mentioned above:
- Privileged user monitoring. Ekran System can monitor any user regardless of the level of privilege or entitlement their account has. User cannot stop or interfere with the video recording, allowing you to see exactly what he or she is doing.
- Third-party monitoring. Ekran System can effectively monitor actions of sub-contractors and third-party service providers. It is not intrusive and will not have any impact on the established workflow, while allowing you to see exactly what the remote user is doing.
- Secondary authentication. Ekran System has built-in secondary authentication feature, allowing you to effectively deal with shared accounts and know exactly who accesses the application at the current time. Each video recording and metadata is clearly identified with specific user.
- Alerts. Ekran System features customizable alerts that will send notifications via email with the link to the specific video recording, allowing you to immediately review every potentially dangerous actions. If user session is still ongoing, you can watch user actions via life feed and block the user immediately if needed, allowing you to minimize the damage.
- Security reports Ekran System is capable of creating a number of customizable reports that can aid you in risk assessment and security audits.
- USB blocking. Ekran System can detect the type of USB devices on connection and optionally automatically block any such devices. It is an effective tool versus unauthorized use of mass storages and self-activating malware.
- Easy and frequent updates. Ekran System provides frequent easy-to-install updates. Once you update the main system Server, all Clients will update automatically, allowing you to easily keep your software updated.
Effective security is always layered
In order to maintain effective security, you need to cover every major point of risk that your organization is facing. Only using anti-virus software or conducting user monitoring is not enough, you need to employ all of best practices of cyber security in order to thoroughly protect your organization from any potential attacks. It may seem that the deployment of multi-functional tools from the best cyber security companies will immediately guarantee strong infrastructure and data protection, but you should remember about the importance of organizational security measures. Finally, it is your responsibility to make sure that every aspect of your organization's digital presence is properly covered by your security policy.