Businesses invest in many technologies to keep cybercriminals out of their systems. By implementing firewalls, antivirus, and endpoint protection, organizations hope to put a barrier between an attacker and company data. These tools are effective when implemented correctly, but there is a catch: cybercriminals routinely bypass perimeter controls by focusing their efforts on one thing, humans.
That’s right; humans often play a critical role in data breaches. Attackers look for human errors to exploit or leverage social engineering tactics like phishing to obtain sensitive information and credentials. Once a cybercriminal possesses stolen credentials, they will look for ways to move laterally throughout your network.
Firms need to establish strong cybersecurity policies and provide user awareness training to reduce the risk introduced by the human element. In fact, user training and awareness are so critical to cybersecurity that the SEC's Office of Compliance Inspections and Examinations (OCIE) identified them as key factors in its Cybersecurity and Resiliency Observations report.
Cybersecurity Policies
To prevent users from putting your business at risk, create robust cybersecurity policies that include:
Password Policies
Make sure your organization has a password policy. Bad password habits make it easy for attackers to gain access to your systems. Two of the most common problems are weak passwords and reused passwords. Attackers use automated tools to guess passwords, and the weaker the password, the faster it falls. Require strong passwords; length matters more than forced character-set complexity, so long passphrases are a good default.
Your policy should prohibit users from reusing passwords. Reusing passwords makes it easy for an attacker to gain access to multiple accounts. For example, suppose a user has the same password for their online banking and their business email. If the bank is breached, the attacker now holds a credential that also unlocks an email account at your business, and automated tools that try leaked credentials against other sites (credential stuffing) make this cheap to do at scale. From there, the attacker could impersonate the user, sending malicious emails throughout the company.
Lastly, define when passwords must be reset and document the process so it stays top of mind for users. Note that current NIST guidance (SP 800-63B) advises against forcing resets on a fixed calendar schedule, because users respond with predictable variations of the old password; a reset should be required whenever a credential is suspected of being compromised, and any rotation schedule you keep is not a substitute for multi-factor authentication.
Clear Desk Policy
Cybercriminals may also use in-person tactics. A clear desk policy can stop an attacker who visits your premises, an employee who is an insider threat, or an opportunist from stealing or leaking data. Require users to lock their screens whenever they step away from their desks. Any document containing personally identifiable information (PII), intellectual property, or other sensitive information should be locked in restricted storage to prevent unauthorized access.
Security Awareness Training
Cyberattacks have become more sophisticated, making it difficult for users to tell the difference between cybercriminals and trustworthy sources. KnowBe4 reported that “…1 out of 3 employees was likely to click on a suspicious link or email or comply with a fraudulent request…” in their Phishing by Industry 2022 Benchmark Report. The good news is that this same report showed that users could substantially reduce their risky behaviors with phishing awareness training.
Human error often happens because users don’t understand the level of risk associated with their actions, and they are not familiar with the tactics used by cybercriminals. Comprehensive security awareness training educates users on identifying attacker tactics and actionable steps they can take if they notice something suspicious. Organizations should also consider phishing-specific awareness training as phishing is one of the most common attack vectors.
Businesses should conduct user awareness training regularly. After users have completed awareness training, your organization should verify the effectiveness of that training by conducting a phishing test. These processes will help you identify your organization’s risks and help you further develop your training.
Reducing Risk
Even a human with the best intentions can make a mistake. Unfortunately, no matter how innocent the error, it can lead to a breach. In addition to cybersecurity policies and user awareness training, implement tools to strengthen your access rights and controls, and monitor your network for suspicious activities.
Multi-factor Authentication
If an attacker obtains credentials to your business, having multi-factor authentication (MFA) in place can stop the attacker from using them. With MFA, a user must present another factor, such as a one-time code from an authenticator app or a text message, in addition to their username and password, so a stolen password alone is not enough to log in. Two caveats a practitioner should plan for: one-time codes can be phished or relayed in real time by a proxy site, and SMS can be intercepted through SIM swapping, so prefer app-based codes or, better, phishing-resistant factors such as FIDO2 security keys where the platform supports them; and push-based MFA should be protected against prompt fatigue (for example with number matching) so that a user cannot simply tap approve on an attacker's request.
Set Expectations with New Employees
A new trend has emerged that targets new hires directly, taking advantage of the victim’s status as a new employee. Attackers prey on those who have recently announced new roles on social media websites such as LinkedIn. Attackers find the target’s phone number on a data brokerage website and use it to send an SMS phish while pretending to be an executive from their new employer. The SMS phish will often ask for either gift cards or sensitive data. New hires must have appropriate security awareness training to combat this new social engineering tactic. Share with your employees what standard communication from the C-Level or executives in your company would look like so that it is easier to spot a fake. Lastly, new hires should be advised to limit posts about new positions on social media to give these threat actors fewer opportunities to strike.
Active Security Monitoring
Organizations can make the mistake of assuming they have security monitoring when they only have performance monitoring. Security monitoring looks for suspicious activity and security incidents on your network; performance monitoring only checks that systems are up and responsive.
If a human error allows an attacker into your network, security monitoring gives your security team the chance to detect the attacker's activity. That activity is hard to spot when it is masked by a legitimate account, since each individual login or file access looks normal on its own. A security information and event management (SIEM) platform helps analysts identify attacker behavior by correlating events across the network: many failed logins against different accounts from one source followed by a success, or a login for a user from a country that user has never logged in from. A SIEM lets the security team investigate a problem before it becomes a breach.
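As an added example, constructed for this article and not code from Coretelligent's platform or from any SIEM product, the following Python implements two of the correlations just described over a handful of constructed log lines: a password spray from one source followed by a success, and a successful login from a country the user has never used. The key=value log format, the sample addresses and user names, and the thresholds are all invented for the example; a real SIEM normalizes vendor logs into similar fields before rules like these run.

```python
"""Two SIEM-style correlations over authentication events.
Added example, constructed for this article; not Coretelligent's code and
not any vendor's rule format. Standard library only."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an invented key=value format. Day 1 is the
# normal baseline; on day 4 one source sprays several accounts and lands on
# dave, and alice's (phished) password is used from a new country.
LOG_LINES = """
2024-03-01T08:02:11Z auth user=alice src=198.51.100.10 geo=US result=OK
2024-03-01T08:05:40Z auth user=bob src=198.51.100.11 geo=US result=OK
2024-03-01T08:07:02Z auth user=carol src=198.51.100.12 geo=US result=OK
2024-03-01T08:09:15Z auth user=dave src=198.51.100.13 geo=US result=OK
2024-03-04T09:00:03Z auth user=alice src=198.51.100.10 geo=US result=FAIL
2024-03-04T09:00:21Z auth user=alice src=198.51.100.10 geo=US result=OK
2024-03-04T09:12:01Z auth user=alice src=203.0.113.7 geo=RO result=FAIL
2024-03-04T09:12:04Z auth user=bob src=203.0.113.7 geo=RO result=FAIL
2024-03-04T09:12:07Z auth user=carol src=203.0.113.7 geo=RO result=FAIL
2024-03-04T09:12:10Z auth user=dave src=203.0.113.7 geo=RO result=OK
2024-03-04T10:30:00Z auth user=bob src=198.51.100.11 geo=US result=OK
2024-03-04T11:02:45Z auth user=alice src=203.0.113.99 geo=NG result=OK
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>[A-Z]{2}) result=(?P<result>OK|FAIL)$"
)
BASELINE_END = datetime(2024, 3, 4)  # logins before this define "normal"


def parse(lines):
    """Normalize raw lines into event dicts; skip anything that does not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect_spray(events, min_users=3, window=timedelta(minutes=10)):
    """One source failing against >= min_users distinct accounts inside
    `window`, then succeeding on any account: password spraying or
    credential stuffing that found a valid password. Each login looks
    ordinary by itself; only grouping by source exposes it."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["result"] != "OK":
                continue
            failed_users = {f["user"] for f in evs[:i]
                            if f["result"] == "FAIL" and e["ts"] - f["ts"] <= window}
            if len(failed_users) >= min_users:
                alerts.append({"rule": "spray_then_success", "src": src,
                               "user": e["user"], "ts": e["ts"],
                               "failed_accounts": sorted(failed_users)})
    return alerts


def detect_new_geo(events, baseline_end=BASELINE_END):
    """Successful login from a country the user never logged in from during
    the baseline period: the typical sign of a stolen-but-valid credential."""
    seen = defaultdict(set)
    for e in events:
        if e["result"] == "OK" and e["ts"] < baseline_end:
            seen[e["user"]].add(e["geo"])
    return [{"rule": "new_country_login", "user": e["user"], "src": e["src"],
             "geo": e["geo"], "ts": e["ts"]}
            for e in events
            if e["result"] == "OK" and e["ts"] >= baseline_end
            and e["geo"] not in seen[e["user"]]]


if __name__ == "__main__":
    evs = parse(LOG_LINES)
    for alert in detect_spray(evs) + detect_new_geo(evs):
        print(alert)
```

Note that alice's own mistyped password followed by a successful login from her usual address produces no alert, while dave is flagged by both rules and alice's later login from a new country is flagged by the second rule alone; the second rule is the one that catches a password obtained by phishing, where the attacker never has to guess.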
Holistic Cybersecurity
At the end of the day, humans make mistakes. The truth is a data breach can happen even with the best technology and user training. Taking a holistic approach to cybersecurity is the best way to mitigate your risk. Start by evaluating your current cybersecurity risk with our Cybersecurity Checklist.
After completing your evaluation, reach out to discuss your current cybersecurity posture with our technical experts. Coretelligent has years of experience providing the holistic, real-time protection and threat intelligence needed to safeguard your critical systems and data and maintain compliance.