Blogs and Posts
- By: Garry Feldman
- Date: July 13, 2016
Does your company fully understand the importance of cyber security? Are you and your IT security team doing all you can to foster a culture of cyber security? Your leadership team should be thinking about how important your security culture can be to your company.
Your users are the first line of defense against intrusion, data loss and data breaches. People using your IT systems should be thinking daily about what they are doing to affect security. Here are some of the ways that you can foster a cyber-security culture at your business.
Training on Attack Vectors
Are your users receiving appropriate training on the different attack vectors that can be used to compromise their systems? Consistent training helps them recognize an attack when it occurs. They should receive regular updates on things like:
• Ransomware – The latest versions and how they work.
• Phishing – What is phishing and how it can be used to gain access to the network. Furthermore, they should be aware of the common types of phishing attacks that are used and how to recognize phishing when it occurs.
• Fraudulent Emails – CEO and high-level management email fraud. How to detect and avoid it.
• Social Engineering – Review common social engineering techniques that hackers use like posing as repair or support technicians.
Password policies can seem intrusive to users, particularly if they are complex passwords. However, simple passwords are one of the easiest ways that hackers can use to gain access to your data.
Instruct users on the procedure to create complex passwords easily. Teach them methods like using memorable song lyrics or movie quotes. Encourage them to replace common letters with numbers like 1 for I or 0 for O.
Remember to enforce good password policy. Keep your password policy strong and change it every three to six months to prevent passwords from being compromised.
Monitor Network Access
Handing out administrator access to everyone’s laptop or workstation is a bad policy. Make sure that users have the appropriate level of network access that their job requires. Do not confuse convenient access with appropriate access. If a user does not have the need to have admin access to a database, then do not give it to them.
Clean Out Your Forest
What is the policy for removing users when they leave the company? If you were to look at your user’s directory right now would there be user accounts for employees who have long ago left the company?
Having an off-boarding protocol is an important safety measure. Many major data breaches come from users who have left the company, but their access was not disabled or deleted when they left.
Set up a policy with the HR department to be notified immediately after a user no longer needs network access. In conjunction with that set up periodic reviews of the current users versus user accounts to ensure there are no old accounts in the Active Directory database.
Need Help with IT Support and Services?
U.S. Computer Connection can help your company with their cyber security needs. Contact us today to learn more about our IT support and services!
- July 2017 (3)
- June 2017 (6)
- May 2017 (4)
- April 2017 (6)
- March 2017 (4)
- February 2017 (5)
- January 2017 (5)
- December 2016 (5)
- November 2016 (5)
- October 2016 (4)
- September 2016 (6)
- August 2016 (4)
- July 2016 (7)
- June 2016 (7)
- May 2016 (6)
- April 2016 (5)
- March 2016 (7)
- February 2016 (5)
- January 2016 (5)
- December 2015 (6)
- November 2015 (1)
- October 2015 (2)
- August 2015 (5)
- Backup and Disaster Recovery (6)
- Business IT (24)
- Security (34)
- Training (21)
- Uncategorized (25)
- Webinar (17)