October 01, 2015
October is National Cyber Security Awareness Month (NCSAM) – and it comes none too soon.
The cost of cyber crime increased a whopping 19% this year compared to 2014, according to the latest Cost of Cyber Crime study from the Ponemon Institute. On average, companies in the study lost $15 million due to cyber crime.
The 12th annual NCSAM provides information and resources with the goal of helping everyone be safer and more secure online. NCSAM is sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center.
For businesses, here are best practices that should be part of a workplace cyber security plan:
Security is company culture. Week Two of NCSAM focuses on the importance of creating a culture of cyber security in the workplace. ‘Culture’ starts with security-savvy executives, and security processes are promoted and embedded in all aspects of the workplace. As the traditional workplace embraces an increasingly mobile workforce and the lines between work and personal devices blur (BYOD), NCSAM says employees have a shared responsibility to do their part and ongoing security training is all-important.
Anti-everything. All computers should have the latest anti-virus and anti-spyware software, as well as the latest operating system, browser, and other safeguarding software. Use a firewall, encryption and two-factor authentication.
Good password practices. A 2013 Data Breach Investigations report showed that about three-quarters of attacks on corporate networks involved weak passwords. Teach everyone to use a mix of uppercase and lowercase letters, numbers and symbols in passwords and change them routinely. Do not allow devices to remember your passwords.
Informed online behavior. Teach employees not to open suspicious links or attachments in emails, etc. – this is how phishing scams work. Also, limit the amount of personal information posted online. Cyber criminals use social media websites to research their targets.
Clean machines. Apps are getting a lot of press because some have been found to contain malware, etc. Implement strict mobile device security procedures that cover these kinds of mobile device vulnerabilities.
Disaster recovery plan. In the Global IT Study by EMC Corp., only 6% of respondents said they have a disaster recovery plan for incidents related to big data, hybrid cloud and mobile. Data loss and downtime cost enterprises $1.7 trillion in 2014.
Physical security. Monitor and proactively protect the physical workplace too. A Clean Desk Policy helps ensure that confidential information is not easily obtained.
Secure hard drive disposal. Do not stockpile hard drives that are outdated or out of order. Research has shown that confidential information is often still on hard drives and can be extracted by information thieves. (Unfortunately, the 2015 Security Tracker from Shred-it showed that 37% of businesses never dispose of hard drives.) Implement secure e-media and hard drive destruction by partnering with a reliable shredding company. Secure media destruction means that confidential information is 100% non-recoverable, according to the How Secure is your E-Media Disposal Process infographic from Shred-it.