Does your company fully understand the importance of cyber security? Are you and your IT security team doing all you can to foster a culture of cyber security? Your leadership team should be thinking about how important your security culture can be to your company.
Your users are the first line of defense against intrusion, data loss and data breaches. People using your IT systems should be thinking daily about what they are doing to affect security. Here are some of the ways that you can foster a cyber-security culture at your business.
Training on Attack Vectors
Are your users receiving appropriate training on the different attack vectors that can be used to compromise their systems? Consistent training helps them recognize an attack when it occurs. They should receive regular updates on things like:
• Ransomware – The latest versions and how they work.
• Phishing – What is phishing and how it can be used to gain access to the network. Furthermore, they should be aware of the common types of phishing attacks that are used and how to recognize phishing when it occurs.
• Fraudulent Emails – CEO and high-level management email fraud. How to detect and avoid it.
• Social Engineering – Review common social engineering techniques that hackers use like posing as repair or support technicians.
Password policies can seem intrusive to users, particularly if they are complex passwords. However, simple passwords are one of the easiest ways that hackers can use to gain access to your data.
Instruct users on the procedure to create complex passwords easily. Teach them methods like using memorable song lyrics or movie quotes. Encourage them to replace common letters with numbers like 1 for I or 0 for O.
Remember to enforce good password policy. Keep your password policy strong and change it every three to six months to prevent passwords from being compromised.
Monitor Network Access
Handing out administrator access to everyone’s laptop or workstation is a bad policy. Make sure that users have the appropriate level of network access that their job requires. Do not confuse convenient access with appropriate access. If a user does not have the need to have admin access to a database, then do not give it to them.
Clean Out Your Forest
What is the policy for removing users when they leave the company? If you were to look at your user’s directory right now would there be user accounts for employees who have long ago left the company?
Having an off-boarding protocol is an important safety measure. Many major data breaches come from users who have left the company, but their access was not disabled or deleted when they left.
Set up a policy with the HR department to be notified immediately after a user no longer needs network access. In conjunction with that set up periodic reviews of the current users versus user accounts to ensure there are no old accounts in the Active Directory database.
Need Help with IT Support and Services?
U.S. Computer Connection can help your company with their cyber security needs. Contact us today to learn more about our IT support and services!