You Won’t Believe How Easy it is to Protect Yourself from the Biggest Threat to Your Security!

As the world becomes more connected than ever before, the risk of cyber attacks and online security breaches grows with it. In fact, cyber crime is now the fastest-growing criminal activity in the world, with businesses and individuals at risk from hackers, viruses, and malware. So what can you do to protect yourself from the biggest security threat? You may be surprised to know just how easy it is.

Start with Strong Passwords

One of the simplest but most effective ways to protect yourself from cyber attacks is to use strong passwords. This means avoiding obvious choices like “123456” or “password”, and instead using a combination of upper and lowercase letters, numbers, and symbols for added complexity. It’s also a good idea to use different passwords for different accounts, and to change your passwords regularly.

Stay Up-to-Date with Software and Security Updates

Another easy and essential way to protect yourself from online security threats is to keep your computer and software up-to-date with the latest patches and security updates. These updates are designed to fix any known vulnerabilities or weaknesses in the software, and failing to apply them could leave you open to attack.

Emails and links are common ways that cyber criminals try to trick people into unwittingly giving away sensitive information or downloading malicious software onto their computer. To protect yourself, be cautious when clicking on links or downloading attachments, and always verify the source of an email before taking any action.

Use Antivirus and Security Software

Antivirus and security software is a powerful tool for protecting yourself against online threats, as it actively scans your computer for viruses and malware and protects against attacks in real-time. Make sure you have reputable antivirus and security software installed on your computer, and keep it updated to ensure you are fully protected.

Conclusion

In conclusion, protecting yourself from online security threats doesn’t have to be complicated or time-consuming. By following these simple steps, you can significantly reduce your risk of falling victim to cyber attacks and enjoy the peace of mind that comes with knowing your personal and business data is safe and secure. So what are you waiting for? Take action today and start protecting yourself from the biggest security threat.

And even the biggest companies can be affected. In May of this year, Coca-Cola admitted to a breach affecting the personal data of over 8000 employees. A former employee had stolen a hard drive containing the data. It would be nice to say this was an unusual event, but the statistics disagree. The 2018 Insider Threat Report from technology vendor CA Technologies found that 53% of respondents had suffered an insider breach during 2017, and 27% saw an increase in the frequency of these types of incidents. But just what is an insider threat? And who perpetrates them?

What is an Insider Threat?

Insider threats don’t have to be malicious; accidents happen, people make mistakes. As a general principle, there are two main categories that insider threats fall into:

Malicious Insiders – Those Who Set out to Do Harm

This is the more traditional image of the “insider” and covers areas as diverse as industrial espionage and plain computer damage. I have personally come across a number of people in the latter category. These can be employees with high levels of computing skills, often being programmers or IT administrators, who purposely installed malware onto computers after they left a company. Malicious insiders cost companies money too. Sage, a software vendor, experienced an insider threat which affected hundreds of their customers and wiped 4% off their share value.

Accidental Insiders – Those Who Do Harm Without Intent

In another similar event, an exposé of people’s use of the collaboration tool Trello found that users were inadvertently placing passwords on Trello boards in plain text for colleagues to use. A simple Google search for “passwords Trello” found a number of such password exposures.

Being Aware of Insider Threats

So how do we prepare ourselves to stop both types of insider threat? The answer is that there is no single solution to what is a highly complex issue. Certain technologies can be deployed to mitigate the risks of insiders; these include Intrusion Data Loss Prevention (DLP), encryption and SIEM tools. Some of these tools help spot anomalous behavior and alert an organization to an issue before it becomes a problem. But with human-based security issues, such as those posed by insiders, any cybersecurity strategy should always be augmented with a human-centered approach. Cybersecurity awareness is now, more than ever, a key component of an organization’s security strategy. There are three aspects to creating insider threat awareness across the organization:

The Culture. Cybersecurity is now, unfortunately, part of our everyday lives. It is a regular big news item on the mainstream channels, with big names such as Equifax, Uber and Yahoo making us sit up and take notice on data breaches. Now that cybersecurity has crossed over into mainstream cultural awareness, it also has to sit firmly in our corporate culture. Building a culture of security within your organization starts with awareness. It’s ultimately about being proactive against cyberthreats, taking the problem on by standing together against it. A culture of security pervades every aspect of an organization, from the time of recruitment through to the final goodbyes. This lifecycle approach is particularly important for containing insider threats. One area of this culture that needs to be tackled is the thorny issue of feeling like a snitch if you inform on suspicious activity of a colleague. The right approach is to make sure everyone feels they are in the same boat, together. Only then will it feel positive, at a group level, to point out possible misdemeanors by colleagues.

The Policy. The inclusion of insider threats in enterprise security policies goes without saying. Best practices in managing the threat of insiders should be pervasive throughout the policy. A good place to start in working out what these best practices are is CERT’s “Common Sense Guide to Mitigating Insider Threats.” The guide sets out a framework for formalizing a threat-management program and shows how to enforce policies controlling insider threats. It also looks at everything from hiring to firing and everything in between, giving advice and offering measures to manage the various insider issues.

The Training. Awareness is crucial in recognizing the patterns of insider threat and preventing accidental data breaches and resource exposure/damage. Security awareness training is something that can be applied across the entire organization and out into our vendor ecosystem too.

One of the most important aspects of the training is to establish a culture of security, that is, to develop an ethos where security is everyone’s responsibility. Training is not a one-off exercise. Security awareness, like the security threats it represents, is a changing goalpost. Awareness training is therefore ongoing, keeping everyone up to date with new threats and new issues. One of the biggest issues in dealing with an insider is that the very nature of the threat means it could well be a colleague that is accidentally, or even maliciously, causing damage. We need to overcome our concerns and even bias towards this issue; accept it happens, and be aware of the nature of the threat. By incorporating an understanding of the threat deeply into our policies through awareness training, we can help to reduce this increasingly worrying security gap.

Sources

Coca-Cola Suffers Breach at the Hands of Former Employee, Bleeping Computer
Sage leads FTSE 100 fallers after data breach, City A.M.
Accenture left a huge trove of highly sensitive data on exposed servers, ZDNet
Trello Scrambles To Rescue Users Who Foolishly Used Its Service To Store Passwords, Gizmodo
CA Technologies, 2018, Insider Threat report
Gemalto, Breach level Index
The CERT Insider Threat Center, Common Sense Guide to Mitigating Insider Threats