






commercial and freely available tools out there. Evaluate the ones you find best suited to your
own best-practice model.


So let’s consider the following as MUST-DO best practices in cyber security to defend your SMB
against the risk of a breach:


1) Roll out corporate security policies and make sure every employee has read and understood them.
2) Train and retrain employees in key areas: acceptable use, password policies, and defenses
against social engineering and phishing attacks.
3) Encrypt all records and confidential data, both stored and in transit, so that a lost disk or
intercepted traffic does not expose them to prying eyes.
4) Perform frequent backups (continuous backups are even better than daily backups).
5) Test your backups by actually restoring a system from them; until the restore has been shown
to work, you do not know that you have a backup.
6) Screen employees more thoroughly to reduce the risk of a malicious insider.
7) Keep your network behind your firewall, and make sure you can block rogue access (for
example, the cleaning company plugging a laptop into a spare port at midnight) and manage the
bring-your-own-device (BYOD) dilemma.
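Items 4 and 5 are the only points on this list that can be checked by a machine rather than by a policy, and the check is worth automating: back the data up, restore it somewhere else, and compare what came back against a manifest taken from the live source. The script below is an added example, not code from the article or from any product it mentions. It uses only the Python standard library, backs up a small set of constructed sample records, and deliberately exercises two ways a backup routine fails quietly: a job that silently excludes a file, and a job that was interrupted and left a truncated archive. The `fault` parameter and the file names are assumptions made for the example.

```python
"""Backup-and-restore drill: back up a directory, restore it somewhere else,
and prove the restored copy matches the original.  Added example, not from
the article; the sample records it backs up are constructed inline."""
from __future__ import annotations

import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large records need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (as a relative path) to its SHA-256."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path,
                  exclude: tuple[str, ...] = ()) -> dict[str, str]:
    """Write a gzip'd tar of source and return the manifest of what SHOULD be in it.

    The manifest is taken from the live source, not from the archive, so a backup
    job that silently drops files (simulated here with `exclude`) is caught later."""
    def keep(info: tarfile.TarInfo) -> tarfile.TarInfo | None:
        return None if Path(info.name).name in exclude else info

    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".", filter=keep)
    return manifest(source)


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive into dest.  The 'data' filter (Python 3.12 and the
    security backports) refuses members that would write outside dest."""
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)


def verify_restore(expected: dict[str, str], restored_root: Path) -> list[str]:
    """Compare the restored tree against the manifest.  Empty list == good restore."""
    actual = manifest(restored_root)
    problems = [f"missing: {rel}" for rel in expected if rel not in actual]
    problems += [f"corrupted: {rel}" for rel, digest in expected.items()
                 if rel in actual and actual[rel] != digest]
    problems += [f"unexpected: {rel}" for rel in actual if rel not in expected]
    return sorted(problems)


def run_drill(fault: str | None = None) -> list[str]:
    """End-to-end drill on constructed sample data.

    fault=None        normal backup and restore, expected to verify clean
    fault="skip"      backup job silently excludes a file (bad exclusion pattern)
    fault="truncate"  backup job was interrupted and left a truncated archive
    Returns the problems found; an empty list means the drill passed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "records"
        (source / "finance").mkdir(parents=True)
        # Constructed sample records for the drill; not real data.
        (source / "finance" / "ledger.csv").write_text("date,amount\n2016-04-01,100.00\n")
        (source / "customers.txt").write_text("sample customer list (constructed)\n")

        archive = root / "records.tar.gz"
        exclude = ("customers.txt",) if fault == "skip" else ()
        expected = create_backup(source, archive, exclude=exclude)

        if fault == "truncate":
            data = archive.read_bytes()
            archive.write_bytes(data[: len(data) // 2])

        restored = root / "restore-test"
        restored.mkdir()
        try:
            restore_backup(archive, restored)
        except Exception as exc:  # a restore that blows up is exactly what the drill must surface
            return [f"restore failed: {type(exc).__name__}: {exc}"]
        return verify_restore(expected, restored)


if __name__ == "__main__":
    for fault in (None, "skip", "truncate"):
        print(f"fault={fault!s:<9} -> {run_drill(fault) or 'OK'}")
```

Two design points carry over to a real backup job: the expected manifest must come from the source at backup time, never from the archive itself, or a job that quietly skipped files will verify as clean; and the restore must land in a scratch location and be diffed, because an archive that opens without error can still be incomplete. Run the drill on the same schedule as the backup and treat any non-empty result as an incident.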



Over 95% of Breaches Happen Behind Firewalls – It’s Usually an Employee Mistake

How many times have you heard of a trusted insider falling for a phishing scam, or taking a
phone call from someone who sounded important and needed 'inside' information? It's happening
too frequently to be ignored. Some employees love browsing Web sites they should not, gambling
online, or chatting on instant messenger tools. You need to educate them about acceptable use of
corporate resources.


They also usually don't know much about password policies, or why they shouldn't open the
attachment that says "you've won a million - click here and retire now." It's time to start training
them. Invite employees to a quarterly 'lunch and learn' training session and give them 'bite-sized'
nuggets of best-practice information.

For example, teach them the do's and don'ts of instant messaging. If you are logging e-mail for
legal purposes, which in some cases is required by law (SEC requirements for financial trading
firms, for instance), tell them that you are doing it and why. Give them real-world examples of
what to do in an emergency. Explain why you've implemented a frequent password-change policy
and why their password should never be on a sticky note under the keyboard.


Make these sessions interactive, with lots of Q&A. Once a year, give an award to the employee
who has been most proactive in following your security policies. If you can keep them interested,
they will carry some of the knowledge you are imparting into their daily routines. That's the real
goal.



13 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
