VOLUME 97 | ISSUE 10 | OCTOBER 2018
A recent study by the Ponemon Institute showed that the average size of a data breach increased 2.2 percent from 2017 with the average total cost of a data breach reaching $3.8 million. It is now more important than ever to implement preventative measures to help mitigate the risk of cyberattacks and train employees on cybersecurity best practices.
The weakest link is often not the technology itself, but the users who can unknowingly cause a security incident through events such as opening a phishing email or allowing a visitor on-site without checking their access. Due to these risks, organizations must invest in their employees by teaching them how to prepare for, prevent and respond to these risks as they arise. Here are seven tips for enhancing and educating your employees on cybersecurity awareness.
1. Education From the Top Down
This is number one for a reason. Individuals in management may think that because they have an incredible IT security director at the helm, their duties regarding risk mitigation are fully out of their hands. However, ensuring that management and employees fully understand the potential cybersecurity risks innate to your organization is important in preventing attacks.
The development of policies and procedures on how to prevent data breaches is essential, and educating employees both new and old on these policies and procedures is critical. Because the cybersecurity landscape is constantly changing, regularly educating management and employees on updated cybersecurity policies and procedures is important in mitigating risk. In addition, your organization should inform employees about new scams or potential new risks as they arise—for example, new phishing scams or websites with potential vulnerabilities.
2. Social Engineering and Phishing Scams
Typically, there are a few details that can indicate that an email or website may not be legitimate. These include poor spelling and grammar, an unknown sender and unfamiliar URLs. Abnormal requests, such as an unanticipated account verification, can also indicate that an email is part of a phishing scam. Verify the source before deciding to click.
3. Change Your Passwords Periodically
Do you use the same password across all of your accounts and devices? In the event your account is compromised, utilizing the same password across platforms makes it likely that other accounts will be compromised. Additionally, not changing password defaults immediately is a serious vulnerability that can compromise your system, as they tend to be the same across all systems and accounts. This lack of oversight can put the security of a system at risk.
New rules for creating passwords were announced by the National Institute of Standards and Technology (NIST), which include having a password between 8 and 64 characters long, and using longer phrases that are easier to remember. Furthermore, many systems feature two-factor authentication. This will provide a secondary form of authentication outside of your typical password, which will strengthen your security.
4. Verify Sites
Before conducting any activity on a site, users need to make sure that the site is secure. You can check to see if the site is using a secure certificate and employing SSL (Secure Sockets Layer) to secure your data in transit. This can often be done by looking at the address bar in your internet browser. Google Chrome users will see a little lock that will show whether a site is using SSL by displaying a green lock to the left of the web address. Look for the lock!
5. Disable Automatic Wi-Fi and Bluetooth Connections
When you are in public, your phone and computer can automatically connect to unsecured Wi-Fi or mobile hotspots. In addition, they might connect to other devices via Bluetooth. Be sure to disable this auto-connection feature on your phone to ensure you are safeguarding your personal information and to keep hackers at bay.
6. Always Secure Your Devices
Your device, whether it’s your computer, tablet or phone, contains valuable, sensitive information. It’s important to always lock your devices when you are away from them to prevent hackers from gaining access. Additionally, implementing two-factor authentication (as noted in tip three) will increase the security of your devices when you are away.
7. Be Conscientious About What You Are Sharing
This might be an obvious one, but people tend to share sensitive information without realizing it. A hacker can use information like your birthday, address, where you work, and even pictures of your family to compromise your account. Consequently, the more information a hacker has on you, the easier it is for them to steal your identity.
Making Sense of the Information Security Tips
Managing cyberrisk is a multi-faceted, organization-wide effort that requires implementation from the top levels down. With these seven information security tips in mind, you can protect your personal information and identity to help prevent a data breach from occurring in your organization.
BLAISE WABO is a managing consultant at A-LIGN, which focuses on performing SSAE 16, SOC 2 and ALTA Best Practices certifications in the title insurance and settlement industry.
Full article can be found at: https://www.alta.org/title-news/2018/v97i10/#?page=0