BreachExchange mailing list archives

Best practice for IT security: How to build a company that's secure from the inside out against cyber attacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 23 Oct 2015 13:42:25 -0600

http://www.cityam.com/227083/best-practice-for-it-security-how-to-build-a-company-thats-secure-from-the-inside-out-against-cyber-attacks

Not a day goes by without data leaks, hacked email accounts or compromised
corporate networks hitting the headlines. The topic has become the new
front line for businesses - a battleground between malicious hackers and
security experts that shows little sign of abating.

Businesses are investing billions every year defending against external
attacks and protecting their assets. But any defence is only ever as strong
as its weakest link and for every organisation, this is their staff.

There is no greater risk to sensitive company information than human error
or negligence. The director of the CIA could tell you a story or two about
this, having recently been hacked after downloading confidential
information onto his private email account. An unusual lapse for someone
who has worked with the intelligence services for nearly 40 years.

A company's longest-standing and most loyal employees also pose the biggest
IT security threat, as revealed in a new report on an organisation's
riskiest users. As people stay longer with a company, they get more
comfortable.

They become complacent, because they're still doing the same job even as IT
and technology are advancing around them. Tenured employees are the most
likely to neglect IT security guidance by reusing personal passwords for
business applications and keeping written copies of their passwords, both of
which increase the likelihood of intruders gaining access to company systems.

Ironically, those employed to keep watch and ensure a company's IT security
is tight are the worst offenders. IT generally has the poorest security
habits of any department within a company.

But while these results are concerning, there are steps that UK businesses
can take to reduce the risk of falling victim to insider breaches.
Employees are a company's first line of defence but they also need to be
aware of the security threats out there in order to avoid them. Staff
training should be constantly refreshed to ensure it stays in line with
evolving threats.

Equally, companies need to stay on top of the game themselves and implement
dynamic security policies that evolve in step with technological
advancements. This approach will give employees clear guidance on what they
should and shouldn't be doing. Finally, users should only ever have access
to the documents their role and function actually require. If disaster
strikes, intruders won't get very far, and the data at the very heart of the
business is still protected.

IT security best practice clearly can't just rely on fending off external
threats alone. Companies also need to put stronger emphasis on internal
threat prevention in order to build a business that's secure from the
inside out.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
