Page 57 - Cyber Warnings
own convenience, without realizing the severity of consequences that can follow.
The only way to remedy this situation is to conduct security awareness training in order to
familiarize your employees with the latest security trends and make them aware of how they
affect the cyber security of your company. This will help to significantly reduce the number of
mistakes made by employees (if they are aware of the severe consequences of their
actions, they will be prompted to be more careful) and protect them from social engineering. They
will know not only to ignore the links in spam emails, but also to report a co-worker who
asks for the password to their account or brags that he plans to start a competing business.
Also, by making your employees aware of the security measures you are taking against insider
threats, you are enlisting them on your side, creating a healthy working environment based on
trust, and deterring some of them from conducting malicious actions.
Step 5. Employ secure password and account management procedures
Using shared or default accounts is a prevalent practice in many organizations. However, this
may allow certain employees to obtain access to privileged accounts that they are not supposed
to have. Prohibiting the use of shared accounts is necessary for reliable security.
You should also make sure that your accounts are thoroughly secured by unique, complex
passwords that are changed on a regular basis. It is also necessary to immediately change any
default passwords that your company may use for any software or hardware. Such passwords
are usually public and will allow both hackers and malicious insiders to easily take control of the
system. Another important thing to do is to prohibit password sharing between employees, as
well as the use of a single password across multiple accounts. This way you are not only
making it harder for a malicious user to get their hands on the credentials of other employees, but
are also thoroughly protecting your data from cyber security attacks by outsiders.
Another way to strengthen your account security and make sure that an account is used by the
correct person is to implement secondary authentication. Such a system, implemented with
either mobile devices or more sophisticated physical tokens, can be used to reliably confirm the
identity of the person trying to log in and serves as a safety net in case the password has been
compromised.
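One way to check whether the ban on shared accounts is being followed, as an added example that is not from the original article: it flags accounts with overlapping sessions from different hosts and accounts seen on many distinct hosts. The record layout, the account and host names, and the host limit are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (account, source host, login, logout).
SESSIONS = [
    ("svc_backup", "ws-014", "2016-11-02 09:00", "2016-11-02 11:30"),
    ("svc_backup", "ws-027", "2016-11-02 10:15", "2016-11-02 10:45"),
    ("jdoe", "ws-014", "2016-11-02 08:55", "2016-11-02 12:00"),
    ("jdoe", "ws-014", "2016-11-02 13:00", "2016-11-02 17:00"),
    ("admin", "ws-003", "2016-11-02 09:00", "2016-11-02 09:20"),
    ("admin", "ws-031", "2016-11-02 14:00", "2016-11-02 14:10"),
    ("admin", "ws-040", "2016-11-03 09:00", "2016-11-03 09:05"),
]
FMT = "%Y-%m-%d %H:%M"

def by_account(sessions):
    grouped = defaultdict(list)
    for account, host, start, end in sessions:
        grouped[account].append((datetime.strptime(start, FMT),
                                 datetime.strptime(end, FMT), host))
    return grouped

def concurrent_use(sessions):
    """Accounts with overlapping sessions from different hosts (likely shared)."""
    findings = {}
    for account, rows in by_account(sessions).items():
        rows.sort()  # order by login time
        pairs = set()
        for i, (_s1, e1, h1) in enumerate(rows):
            for s2, _e2, h2 in rows[i + 1:]:
                if s2 >= e1:
                    break  # sorted by login: no later session can overlap
                if h1 != h2:
                    pairs.add(tuple(sorted((h1, h2))))
        if pairs:
            findings[account] = sorted(pairs)
    return findings

def many_hosts(sessions, limit=2):
    """Accounts seen on more than `limit` distinct hosts (assumed threshold)."""
    hosts = defaultdict(set)
    for account, host, _start, _end in sessions:
        hosts[account].add(host)
    return {a: sorted(h) for a, h in hosts.items() if len(h) > limit}

if __name__ == "__main__":
    print("concurrent use:", concurrent_use(SESSIONS))
    print("many hosts:", many_hosts(SESSIONS))
```

A flagged account is a lead to review rather than proof of sharing, since one person may legitimately work from two machines.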
Step 6. Conduct employee monitoring
Employee monitoring is a great prevention and detection tool that will help you effectively deter
malicious insiders and ensure the integrity of your sensitive data. Professional monitoring software
will give you full visibility into what users are doing, providing you with the ability to quickly
detect insider attacks, establish the culprit and issue a timely response.
• Monitor user actions. Many companies limit themselves to access monitoring or the built-in
login capabilities of the software and systems that they are using. However, in most cases
this is not enough, as users will be able to easily disguise their malicious actions as
regular work and alter or disable most internal logs. It is best to conduct thorough user
action monitoring using dedicated monitoring solutions. Such software will be thoroughly
57 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide