In the spirit of kicking off Cyber Security Awareness Month, today we take a look back at useful tricks and tips to help improve your organization’s cyber security awareness. Remember, you are only as secure as your weakest link, which tends to be the people working in your organization.
- As you might expect, weak passwords are often the easiest ways for attackers to gain access to an organization. Teach your employees how to choose strong passwords as opposed to falling into the trap of “Fall2019”.
- Avoid weak passwords within the IT group as well, for shared accounts, service accounts, etc.
- Fun Fact: Modern password cracking machines can brute force a 6-character password in minutes, a 7-character password in under an hour, and an 8-character password in under 2 days. So a longer password becomes exponentially more secure.
- Any security awareness training is better than nothing. There are certain things that should ALWAYS be included in an awareness training, such as how to spot certain types of attacks, how your users should report suspicious activity, how to choose strong passwords, etc.
- Pro Tip: Consider having a penetration tester conduct your awareness training! This will help improve employee engagement and provide a unique perspective from someone who actually conducts social engineering campaigns on a regular basis.
- Educate, educate, educate! Phone-based vishing (voice phishing) attempts are becoming more and more prevalent, and employees are more likely to fall for them because people don’t commonly expect social engineering to be this sophisticated. Most of the time, people inherently want to trust others. Educate your employees on how to spot an attack and how to shut it down.
- Penetration Testing should be a key piece of your overarching security program. Depending on your organization, there are different types of penetration testing that should be considered to ensure you are properly assessing your risk.
- When selecting a penetration testing vendor, be sure you conduct proper due diligence and ensure that the penetration testers have the appropriate level of expertise.
- Ensure that the vendor you select will be preparing and providing a document set that achieves your goals and can be leveraged internally by your teams to address the discovered vulnerabilities.
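As an added example (not code from the original post), the Python below turns the password advice above into a simple policy check: it rejects the season-plus-year pattern of “Fall2019”, enforces a minimum length, and estimates how the brute-force keyspace grows with each extra character. The minimum length of 12, the assumed guess rate of 1e11 per second, and the sample passwords are constructed for the illustration, not figures from the post.

```python
import re

# Constructed pattern (added example): a season or month name followed by a
# two- or four-digit year, e.g. "Fall2019" or "Winter-20!".
SEASON_YEAR = re.compile(
    r"^(spring|summer|fall|autumn|winter|"
    r"jan(uary)?|feb(ruary)?|mar(ch)?|apr(il)?|may|june?|july?|aug(ust)?|"
    r"sep(tember)?|oct(ober)?|nov(ember)?|dec(ember)?)"
    r"\W*(19|20)?\d{2}\W*$",
    re.IGNORECASE,
)


def alphabet_size(password: str) -> int:
    """Size of the character set an attacker must cover to brute force this password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII punctuation and space
    return size


def keyspace(password: str) -> int:
    """Number of candidates a brute-force search over the same classes and length must try."""
    return alphabet_size(password) ** len(password)


def crack_time_seconds(password: str, guesses_per_second: float = 1e11) -> float:
    """Worst-case time to exhaust the keyspace at an assumed (constructed) guess rate."""
    return keyspace(password) / guesses_per_second


def check_password(password: str, min_length: int = 12) -> tuple[bool, list[str]]:
    """Return (ok, reasons). The policy itself is an illustrative assumption."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if SEASON_YEAR.match(password):
        reasons.append("season or month name followed by a year")
    classes = sum(
        bool(re.search(pat, password))
        for pat in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    )
    if classes < 2:
        reasons.append("uses only one character class")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample candidates for the demonstration.
    for candidate in ("Fall2019", "Fall2019!", "correct horse battery staple"):
        ok, reasons = check_password(candidate)
        print(f"{candidate!r}: {'OK' if ok else 'REJECT ' + ', '.join(reasons)}")
        print(f"  keyspace={keyspace(candidate):.3e}  worst-case seconds={crack_time_seconds(candidate):.3e}")
```

Each additional character multiplies the keyspace by the alphabet size, which is why the length check does more work in this policy than the pattern check; the seasonal pattern is rejected separately because such guesses are tried long before any exhaustive search begins.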
As a security company, we cannot advocate enough that security should be a part of your overall information technology program, mandated from the top-down within an organization. Security is constantly evolving and, unfortunately, the bad guys are getting more and more sophisticated. Educate your employees, conduct ongoing security hygiene functions like patch management, and explore having a penetration test conducted to ensure the security controls you have deployed are effective in reducing your risk. Contact us today if you are interested in learning more!