In this age of digital transformation, IT staff are under incredible pressure to keep up with the breakneck speed of new technology adoption, implementation, and management while trying to maintain usability, productivity, and efficiency. With this reality, something has got to give, and oftentimes what falls off the radar are security tasks.
HOW GOOD IS YOUR SECURITY HYGIENE?
Like flossing your teeth, you know security hygiene is crucial to your company’s health. However, when nothing seems to be going wrong, it can be easy to let good security habits slide a little bit. According to CSO Magazine, the biggest attacks last year focused on vulnerabilities with patches that had been available for anywhere from weeks to months: “In fact, a full 90% of organizations recorded exploits for vulnerabilities that were at least three years old.” Knowing you need to prioritize good security habits, keep in mind these commonly neglected security tasks.
SECURITY TASK NEED-TO-DO LIST
Consider adding these often overlooked tasks to your security checklist:
- Patching, patching, patching. In line with the statistics mentioned earlier, companies need to stay on top of patching vulnerabilities. You don’t want to be the company that has a data breach as a result of a vulnerability with a months-old patch available!
- Focus on insider threats. The threat from inside is greater than many companies realize, making the need to focus on this threat all the more critical.
- Manage accounts. Users have accounts of all kinds, from Google and payroll software to project management and more. And with the proliferation of cloud-based apps, users can access these accounts from anywhere with a web connection—so without proper account management, users will have access even if they leave the company.
- Get back to the basics. How embarrassing for the 2018 Consumer Electronics Show to lose power, yet how many companies have back-up generators available should the need arise?
- Review supply chain security. Don’t assume that every piece of your supply chain is secure—pay attention to the security of third parties, suppliers, and service providers.
- Stop malicious DNS calls. When a user clicks a link in a phishing email, the resulting DNS call is likely a lookup for a malicious site. Companies can use tools to stop the call and inform the user that they tried to access a malicious site.
- Enable DMARC. Domain-based Message Authentication, Reporting, and Conformance is a mouthful, but DMARC is one of the best tools to prevent social engineering attacks through spoofed emails. By enabling DMARC, companies can set up user warnings when spoofed messages are received or simply block the messages altogether, giving you one more layer of protection against phishing attacks.
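
As an added example (not part of the original article), the script below checks whether a published DMARC TXT record actually enforces anything: `p=none` only monitors, while `p=quarantine` treats failing mail as suspicious and `p=reject` blocks it. The sample records and domains are constructed, and no DNS lookups are made; in practice the input would be the TXT record at `_dmarc.<your domain>`.

```python
# Added example: audit DMARC TXT records offline (sample records are constructed).
POLICIES = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the first tag must be v=DMARC1 (case-sensitive value).
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return (enforcement level, list of findings) for one TXT record."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing", ["no valid DMARC record published"]
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return "invalid", [f"p= tag missing or unrecognised: {policy!r}"]
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return POLICIES[policy], findings

# Constructed sample records keyed by reserved example domains.
SAMPLES = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=none",
    "example.org": "v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:d@example.org",
    "mail.example.com": "v=spf1 -all",  # an SPF record, not DMARC
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        level, findings = assess(txt)
        print(f"{domain}: {level}")
        for finding in findings:
            print(f"  - {finding}")
```
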
With this list in hand, companies can set the goal of better security hygiene, but many will still struggle with where to get started.
One method of determining how to prioritize security tasks is to assess your vulnerabilities via a risk assessment. Security Pursuit will provide your company with a detailed look at your security strengths and shortcomings as well as a step-by-step plan to help you address critical vulnerabilities, risks, and threats. With this security audit in hand, you can get back on track with security hygiene you can brag about.