Businesses invest in all kinds of technologies to prevent cybercriminals from breaching their systems. By implementing firewalls, antivirus, and endpoint protection, organizations hope to put a barrier between an attacker and company data. Even though these tools can be very effective when implemented correctly, there’s a catch. Cybercriminals often bypass perimeter security measures by focusing their efforts on one thing: humans.
That’s right; humans play a critical role in data breaches. Attackers look for human errors to exploit and use social engineering tactics like phishing to obtain sensitive information and credentials. Once a cybercriminal possesses stolen credentials, they will look for ways to move laterally throughout your network.
So how do you put a firewall around humans (figuratively, of course)? You need to establish strong cybersecurity policies and provide user awareness training. User training and awareness are so critical to cybersecurity that the SEC’s Office of Compliance Inspections and Examinations (OCIE) identified them as key factors in its Cybersecurity and Resiliency Observations report.
To prevent users from putting your business at risk, create robust cybersecurity policies.
Make sure your organization has password policies. Bad password habits make it easy for attackers to gain access to your systems. Two of the most common password problems are weak and reused passwords. Attackers use automated tools to guess passwords (brute-force, dictionary, and credential-stuffing attacks), and short or predictable passwords fall quickly. Require your users to have long passwords; length matters more than forced character-class complexity, and new passwords should be screened against lists of known-breached passwords and rejected if they contain the username or the company name, as NIST SP 800-63B recommends.
Your policies should prohibit users from reusing passwords. Reusing passwords makes it easy for an attacker to gain access to multiple accounts, because credentials stolen from one site are replayed against others (credential stuffing). For example, let’s say a user has the same password for their online banking and business email. If the bank is breached, that attacker now has what they need to access an email account at your business. From here, the attacker could impersonate the user, sending malicious emails throughout the company.
Lastly, your organization should define when passwords must be reset. Require a reset immediately when a credential is suspected of compromise or turns up in a breach dump. Forcing everyone to rotate on a fixed calendar schedule is no longer recommended by NIST SP 800-63B, because it pushes users toward predictable variations of their old password; if you keep a schedule, use a long interval and pair it with breached-password screening and multi-factor authentication rather than relying on rotation alone.
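The following is an added example, not part of the original article, of what enforcing the policy above looks like in code: a minimum length rather than complexity rules, a username check, a breached-password lookup done the way the Have I Been Pwned range API works (only the first five hex characters of the SHA-1 digest are sent, so the service never sees the password), and a salted, iterated hash history so a user cannot reuse a recent password. The breached-password set is constructed for the demo; a real deployment would query the live corpus or a local mirror.

```python
import hashlib
import hmac
import secrets
from typing import Optional

MIN_LENGTH = 12      # NIST SP 800-63B: at least 8 allowed, longer is better; 12 is a common floor
HISTORY_SIZE = 5     # how many previous password hashes to keep per user
PBKDF2_ROUNDS = 100_000

# Constructed breached-password corpus for this example only. Stored as the
# upper-case hex SHA-1 digest, the same shape the HIBP range API uses.
BREACHED_PASSWORDS = {"password123456", "Winter2020!!", "letmein12345", "qwerty123456"}
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in BREACHED_PASSWORDS}


def breached_by_prefix(password: str) -> bool:
    """k-anonymity lookup: match on the 5-char SHA-1 prefix, compare the suffix locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # Simulates the range query: the 'server' only returns suffixes sharing the prefix.
    returned_suffixes = {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}
    return suffix in returned_suffixes


class PasswordPolicy:
    def __init__(self, min_length: int = MIN_LENGTH, history_size: int = HISTORY_SIZE):
        self.min_length = min_length
        self.history_size = history_size
        self.history: dict[str, list[tuple[bytes, bytes]]] = {}  # user -> [(salt, hash)]

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Slow, salted hash so a leaked history cannot be cracked cheaply.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def check(self, username: str, password: str) -> Optional[str]:
        """Return None if the password is acceptable, otherwise the reason it is rejected."""
        if len(password) < self.min_length:
            return f"too short (minimum {self.min_length} characters)"
        if username.lower() in password.lower():
            return "contains the username"
        if breached_by_prefix(password):
            return "appears in a known breach corpus"
        for salt, digest in self.history.get(username, []):
            # Constant-time comparison avoids leaking which entry matched.
            if hmac.compare_digest(self._hash(password, salt), digest):
                return "reuses a previous password"
        return None

    def set_password(self, username: str, password: str) -> None:
        reason = self.check(username, password)
        if reason:
            raise ValueError(reason)
        salt = secrets.token_bytes(16)
        entries = self.history.setdefault(username, [])
        entries.append((salt, self._hash(password, salt)))
        del entries[:-self.history_size]  # keep only the most recent HISTORY_SIZE hashes


if __name__ == "__main__":
    policy = PasswordPolicy()
    for candidate in ["short", "password123456", "alice-is-great-2020", "correct horse battery staple"]:
        print(f"{candidate!r}: {policy.check('alice', candidate) or 'accepted'}")
```

Note that the history stores salted PBKDF2 hashes, not passwords or plain SHA-1 digests: the breach lookup is the only place SHA-1 appears, and only because that is the format the public corpus publishes.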
Clear Desk Policy
Cybercriminals may use in-person tactics. Implementing a clear desk policy can prevent an attacker who visits your organization, an employee who’s an insider threat, or someone who wants to capitalize on an opportunity from stealing or leaking data. Require users to lock their computers when they are not at their desks. Any document containing personally identifiable information (PII), intellectual property, or sensitive information should be locked in a restricted storage area to prevent unauthorized access.
Security Awareness Training
Cyberattacks have become more sophisticated, making it difficult for users to tell the difference between cybercriminals and trustworthy sources. KnowBe4 reported that “1 out of 3 employees was likely to click on a suspicious link or email or obey a fraudulent request…” in their Phishing by Industry 2020 Benchmark Report. The good news is that this same report showed that users could substantially reduce their risky behaviors with phishing awareness training.
Human error often happens because users don’t understand the level of risk associated with their actions, and they are not familiar with the tactics used by cybercriminals. Comprehensive security awareness training should educate users on identifying attacker tactics and on the actionable steps they can take if they notice something suspicious, including how to report it. Organizations should also consider phishing-specific awareness training, as phishing is one of the most common attack vectors.
Businesses should conduct user awareness training regularly. After users have completed awareness training, your organization should verify the effectiveness of that training. Conducting a phishing test will help you identify your organization’s risks and help you further develop your training.
Even a human with the best intentions can make a mistake. Unfortunately, no matter how innocent the error, it can lead to a breach. In addition to cybersecurity policies and user awareness training, implement tools to strengthen your access rights and controls, and monitor your network for suspicious activities.
If an attacker obtains credentials to your business, having multi-factor authentication (MFA) implemented can prevent the attacker from accessing your network. With MFA, a user needs to present another factor, such as a one-time code from an authenticator app or a hardware security key, in addition to their username and password. So, an attacker would need the user’s device as well as their credentials to log into their account. Prefer app-generated or hardware-key factors over codes sent by SMS, which can be intercepted through SIM swapping, and remember that one-time codes can still be relayed by a real-time phishing proxy; phishing-resistant methods such as FIDO2/WebAuthn security keys bind the login to the genuine site and close that gap.
Active Security Monitoring
Organizations can make the mistake of assuming that they have security monitoring when they only have performance monitoring. Security monitoring detects suspicious activities and security incidents on your network, while performance monitoring is only checking for functionality.
If a human error allows an attacker to access your network, security monitoring can help your security team detect the attacker’s activities. It can be difficult to identify an attacker’s behaviors when they are masked by a legitimate account. Implementing a security information and event management (SIEM) platform helps security analysts identify an attacker’s behavior by correlating activities across the network, for example a burst of failed logins followed by a success, or one account authenticating to many hosts in a short window. SIEM platforms allow security teams to investigate a problem before it turns into a breach.
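The correlation idea above, as an added example that is not part of the original article: a small rule engine run over constructed authentication log lines. Two rules are implemented, one that fires when a single source address fails five times within five minutes and then succeeds (a guessed or stuffed credential), and one that fires when a compromised account logs on to three or more distinct hosts within ten minutes (lateral movement). The log format, hostnames, usernames and thresholds are all assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: an external brute force against the VPN that succeeds,
# followed by the same account fanning out across internal hosts. agarcia is benign.
LOG_LINES = """\
2020-06-01T09:00:01Z host=vpn01 user=jsmith src=203.0.113.5 result=FAIL
2020-06-01T09:00:03Z host=vpn01 user=jsmith src=203.0.113.5 result=FAIL
2020-06-01T09:00:05Z host=vpn01 user=jsmith src=203.0.113.5 result=FAIL
2020-06-01T09:00:08Z host=vpn01 user=jsmith src=203.0.113.5 result=FAIL
2020-06-01T09:00:12Z host=vpn01 user=jsmith src=203.0.113.5 result=FAIL
2020-06-01T09:00:20Z host=vpn01 user=jsmith src=203.0.113.5 result=SUCCESS
2020-06-01T09:03:10Z host=fs01 user=jsmith src=10.0.0.41 result=SUCCESS
2020-06-01T09:05:44Z host=hr-db01 user=jsmith src=10.0.0.41 result=SUCCESS
2020-06-01T09:07:02Z host=dc01 user=jsmith src=10.0.0.41 result=SUCCESS
2020-06-01T09:10:00Z host=mail01 user=agarcia src=10.0.0.57 result=SUCCESS
2020-06-01T09:15:00Z host=fs01 user=agarcia src=10.0.0.57 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(text: str) -> list[dict]:
    """Parse key=value auth lines into dicts sorted by timestamp; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a real pipeline would route unparsable lines to a dead-letter queue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")  # timestamps are UTC
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events: list[dict],
              fail_threshold: int = 5, fail_window: timedelta = timedelta(minutes=5),
              host_threshold: int = 3, host_window: timedelta = timedelta(minutes=10)) -> list[tuple]:
    """Sliding-window correlation; returns (rule, user, detail, timestamp) tuples."""
    alerts = []
    failures = defaultdict(deque)        # src -> timestamps of recent failures
    host_logins = defaultdict(deque)     # user -> (timestamp, host) of recent successes

    def expire(q, now, window, key=lambda item: item):
        while q and now - key(q[0]) > window:
            q.popleft()

    for e in events:
        ts = e["ts"]
        if e["result"] == "FAIL":
            failures[e["src"]].append(ts)
            expire(failures[e["src"]], ts, fail_window)
        elif e["result"] == "SUCCESS":
            # Rule 1: many failures from this source, then a success.
            expire(failures[e["src"]], ts, fail_window)
            if len(failures[e["src"]]) >= fail_threshold:
                alerts.append(("bruteforce_then_success", e["user"], e["src"], ts))
                failures[e["src"]].clear()
            # Rule 2: one account reaching many distinct hosts quickly.
            q = host_logins[e["user"]]
            q.append((ts, e["host"]))
            expire(q, ts, host_window, key=lambda item: item[0])
            hosts = sorted({host for _, host in q})
            if len(hosts) >= host_threshold:
                alerts.append(("lateral_movement", e["user"], ",".join(hosts), ts))
                q.clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(LOG_LINES)):
        print(alert)
```

Neither rule fires on a single event; each needs the per-source or per-user state that a SIEM keeps across log sources, which is exactly what performance monitoring never builds.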
At the end of the day, humans make mistakes. The truth is a data breach can happen even with the best technology and user training. Taking a holistic approach to cybersecurity is the best way to mitigate your risk. Coretelligent’s CoreArmor provides comprehensive security with user awareness and phishing training, real-time intrusion detection, and around the clock monitoring by our in-house Security Operations Center.