BreachExchange mailing list archives

6 cyber best practices for the new year


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 4 Jan 2016 18:03:02 -0700

https://washingtontechnology.com/articles/2016/01/04/insights-griffin-security-resolutions.aspx?admgarea=TC_Contracts


Happy 2016, everyone!

The new year is a great time to set new personal and professional goals,
but as a security professional, I also believe this is the perfect time to
assess your company’s current practices for preventing insider threats to
your security.

One of the biggest security threats to your business is now coming from
people on the inside—not the outside—of your organization.

Spending some time at the start of the year to review your current
procedures and networks, and making any necessary changes or adjustments,
will go a long way towards keeping you safe and secure for all of 2016.

Here are 6 best practices you need to review to prevent insider threats:

Review Current Access Privileges

Do you know who in your organization has access to what information? Giving
too many employees access to your network increases your chance for a
security breach. Schedule a meeting with your human resources and IT teams
to go through every position and their current level of network access,
making sure each employee has access to just the information he or she
needs in order to effectively perform their job.

In addition, I suggest creating a second level of security that limits
privileges to any single administrator, such as requiring two people to be
involved in protecting or serving your network.
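As an added illustration (not part of the article or of this list post), the Python script below performs the kind of access review described above: it compares each user's actual grants against a per-role baseline to flag privilege beyond what the job needs, and it checks which sensitive privileges are held by only one person, the situation the two-person rule is meant to prevent. Every role, user and privilege name here is constructed sample data; in practice the grants snapshot would come from a directory or application export.

```python
"""Access-review helper: flag privileges beyond a role baseline and
sensitive privileges controlled by a single administrator.
Added example; roles, users and privilege names below are constructed."""
from collections import defaultdict

# Constructed baseline: the privileges each job role needs (hypothetical).
ROLE_BASELINE = {
    "payroll_clerk": {"hr_db:read", "payroll_app:read"},
    "payroll_admin": {"hr_db:read", "hr_db:write", "payroll_app:admin"},
    "developer": {"git:read", "git:write", "ci:read"},
    "sysadmin": {"ad:admin", "backup:admin", "git:read"},
}

# Constructed snapshot of what each user actually holds, as a directory
# export would show: user -> (assigned role, privileges granted).
ACTUAL_GRANTS = {
    "alice": ("payroll_clerk", {"hr_db:read", "payroll_app:read", "git:write"}),
    "bob": ("developer", {"git:read", "git:write", "ci:read"}),
    "carol": ("sysadmin", {"ad:admin", "backup:admin", "git:read"}),
    "dave": ("payroll_admin",
             {"hr_db:read", "hr_db:write", "payroll_app:admin", "ad:admin"}),
}

# Privileges subject to the two-person rule: no single person should be
# the only one able to exercise them (hypothetical selection).
TWO_PERSON_PRIVILEGES = {"ad:admin", "backup:admin", "payroll_app:admin"}


def excess_grants(grants, baseline):
    """Return {user: privileges held beyond the user's role baseline}."""
    excess = {}
    for user, (role, held) in grants.items():
        extra = held - baseline.get(role, set())
        if extra:
            excess[user] = extra
    return excess


def sole_holders(grants, privileges):
    """Return {privilege: user} for sensitive privileges held by exactly
    one person, i.e. where the two-person rule is not met."""
    holders = defaultdict(set)
    for user, (_, held) in grants.items():
        for priv in held & privileges:
            holders[priv].add(user)
    return {priv: sorted(users)[0]
            for priv, users in holders.items() if len(users) == 1}


def trimmed_grants(grants, baseline):
    """Grants as they would look after removing every excess privilege."""
    return {user: (role, held & baseline.get(role, set()))
            for user, (role, held) in grants.items()}


def review(grants, baseline, privileges):
    """Full review: excess privilege now, and single-administrator
    exposure both now and after the excess is removed. The second check
    matters because trimming an over-privileged account can leave a
    sensitive privilege in one person's hands."""
    return {
        "excess": excess_grants(grants, baseline),
        "sole_holders_now": sole_holders(grants, privileges),
        "sole_holders_after_trim": sole_holders(
            trimmed_grants(grants, baseline), privileges),
    }


if __name__ == "__main__":
    report = review(ACTUAL_GRANTS, ROLE_BASELINE, TWO_PERSON_PRIVILEGES)
    for user, extra in sorted(report["excess"].items()):
        print(f"{user}: remove {sorted(extra)}")
    for priv, user in sorted(report["sole_holders_after_trim"].items()):
        print(f"{priv}: only {user} would hold this; assign a second holder")
```

On the sample data the review flags alice's stray `git:write` and dave's `ad:admin` as excess, but it also shows why the two checks belong together: once dave loses `ad:admin`, carol becomes its only holder, so the least-privilege fix has to be paired with naming a second administrator for that privilege.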

Monitor Online Actions of Employees

If you do not currently have a system in place for monitoring online
actions of employees, you need to create one. This type of system will
allow you to discover suspicious actions before they become more serious.

“Employees will put your business at risk accidentally or intentionally,”
says Nancy Flynn in an article for Entrepreneur.com. “You need to mitigate
those risks and keep misdeeds from turning into expensive crises or
lawsuits.” Click here for three ways to legally and ethically monitor your
employees online and always consult with your legal team should you have
additional questions or concerns.

Defend Against Malicious Code

One of the biggest insider threats we are seeing is when system
administrators or privileged users install malicious code on a network.

“These types of attacks are stealthy and therefore difficult to detect
ahead of time,” writes NetworkWorld.com. Implement things that will help
you with early detection such as anti-virus programs or regular network
scans. Click here for some additional information about preventing viruses
in your network.

Implement Strategies for Data Backup and Recovery

Take inventory of your entire network including hardware (e.g. servers and
computers), software and data. Then, create a plan to ensure that all
critical information is backed up and easy to recover should an IT disaster
occur. “The impact of data loss or corruption from hardware failure, human
error, hacking or malware could be significant. A plan for data backup and
restoration of electronic information is essential,” states the Ready.gov
website, which also includes valuable information and tips for how to
create backup and recovery strategies.

Train Employees

In addition to making sure all of your employees understand what security
policies and procedures exist, they also need to understand why they are in
place and the consequences that come should an employee choose to ignore
the policies. Review your employee handbook and create a series of employee
meetings to specifically discuss security policies and procedures. As you
move forward, make security training part of your new employee orientation
program.

Incorporate a Continuous Evaluation Program

By definition, a Continuous Evaluation Program (CEP) involves the
uninterrupted assessment of an individual for retention of a security
clearance or continuing assignment to sensitive duties. A CEP can assist
any company that has a vested interest in protecting its sensitive and
proprietary information.

Such a program includes checks such as:

• Multi-State & Federal Criminal Search
• National SSN/Address Locator
• Sex & Violent Offender Search
• Terrorist Search (OFAC Search / Government Watch List)
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
