According to Cisco’s Visual Networking Index, there will be 3.4 networked devices per capita by 2020. This represents 26.3 billion networked devices and nearly a 40% increase in just five years. To handle this flood of new devices, many companies today are utilizing the cloud to connect devices to the corporate network. Is it any surprise that cybersecurity has become one of the top priorities for businesses?
While new technology adds convenience and capabilities for businesses, it also makes them more vulnerable to potential security breaches. To help ensure the protection of your valuable assets, data and employees, we have five simple steps to improve your company’s cybersecurity.
Perform Routine Phishing Tests
According to Jeh Johnson, Secretary of Homeland Security, “The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing.” Johnson delivered this sobering news at a recent Financial Crimes and Cybersecurity Symposium in New York. The reason this approach is so devastating is that it’s inexpensive to deploy and targets the weakest link in your security defense. No matter how much money your company spends on security, one simple phishing link sent to the right (or in your case, the wrong) employee can compromise the most sensitive corporate information. Performing routine phishing tests is a great way to prepare employees to avoid potential phishing attempts. Some companies perform these tests, but few perform them as often as they should.
To ensure that employees are prepared for potential phishing attacks, a best practice is to send employees a phishing test email at least once a month. The more often they see what common phishing attempts look like, they less likely they are to click on an actual phishing link. Just because employees passed a test in the past doesn’t mean that they’re in the clear. Employees need to be constantly vigilant for potential phishing attempts. It’s also a good tactic to find out who the weakest links are in the company so you can fire them! Just kidding, no need for any firing when some effective security awareness training will do the trick!
Make Mandatory Password Rules
It’s simple and you hear it all the time, but often employees need a reminder to change out their old passwords. A strong and regularly-updated password is a great and simple way to protect against potential breaches.
There may be a few employees that are hesitant to change their password, or that will disregard your reminder to do so. It is important to remind them a mild inconvenience now is worth it to avoid a major one down the road.
Protect from the Inside Out
Too many companies these days only worry about protecting from the outside. According to Tim Grieveson, Chief Cyber Strategist at HP, 87% of security budgets today are spent on firewalls. But only protecting from the outside can be a dangerous approach. In order for communications to flow from your company to your partners and customers, you have open ports in the firewall, creating potential vulnerabilities. Once breached, all the information on your network can be compromised.
In addition to firewalls, many companies are deploying a tactic called micro-segmentation. By developing rules and enforcing them with software that ensures specific data can only flow to predetermined locations, you can prevent data from leaving your network to unauthorized destinations. By building virtual walls around the data most important to the company, even if hackers get in, they can’t get your data out.
Require Employees to Connect Using VPNs
If this isn’t something you already do, it’s an easy way to add an extra step to your network security. Requiring all employees to connect via a VPN (Virtual Private Network) makes connections encrypted and safe from anywhere. However, to ensure that employees use a VPN when connecting and accessing company resources, it’s important that you make this easy to do.
There's no need to require more than a username and password to connect; anything else is an extra, unnecessary step that will discourage employees from using the VPN. Also be sure that your internet connection has a static IP address, as many DSL and business-class connections use dynamic addressing, where the IP address of your internet connection changes occasionally. If the IP address keeps changing, your employees have no way to connect!
Be aware that even VPNs are subject to attack, so make sure your code version is up to date and that there are no known vulnerabilities. Any technology, even security technology, may be vulnerable; so the more tools you have, the more difficult you make it for the hacker. Time is money for hackers so if you’re not an easy target, you’re less likely to be targeted!
Take Advantage of Security Tools
Connected employees that can work anytime, anywhere are a huge benefit to business productivity, but with so much important data traversing the internet, it’s hard to ensure its security. How familiar are you with your netflow traffic? If you aren’t, you need to be because knowing your data and the risks of losing specific types of data is essential. There are lots of great, free tools that can help you get more familiar with your data like Wireshark (packet analyzer), Snort (IDS/IPS), or NMAP (port analyzer). If the value of your information calls for more sophisticated security tools, consider options like OpenDNS for mobile devices and Lancope for packet analysis.
Once you know your data, you can employ best practice data protection by attaching security to the data, using encryption and two-step authentication, and managing encryption keys. Then if for any reason data is stolen, it’s useless to the person stealing it.
Is your company’s security architecture prepared for a shift to a more mobile workforce? According to IT Pro Portal, one in three businesses are unprepared for the digital transformation. Don’t leave your company, data and employees vulnerable to potential breaches. Start by implementing these simple tips and then reach out to our security expert, Jason Smith, for information on more in-depth security consulting and training opportunities.