The 2019 Basics of Information Security
The role of IT security professionals is to work diligently to reduce the exposure of corporate assets to cybercriminals. The methods they use range from the simplicity of locking workstations while an employee is away from their desk to utilizing artificial intelligence that interprets Internet traffic anomalies. Following a common-sense approach to information security can significantly reduce the potential for loss due to cybercrime. This article focuses on a few methods to help reduce risk exposure.
Protect your applications
The single most effective method to reduce exposure to cybercrime is to make certain that all applications are up to date. Cybercriminals take advantage of vulnerabilities present in older versions of applications. Nearly 60% of organizations that fall victim to data breaches report that the cause was a known vulnerability that had not yet been patched.
In a corporate setting, application updates are generally scheduled by system administrators. However, applications on personally owned mobile devices also need to be updated as soon as updates are available. The Equifax data breach exposed the names, Social Security numbers, dates of birth, and home addresses of 143 million people. The breach occurred because hackers were able to exploit a known vulnerability in an unpatched application. In 2019, data breaches at Facebook and First American Financial Corporation affected a total of 1.4 billion records because of a lack of security and patching on their networks.
Protect your endpoints
An endpoint is anything used to run applications or access data. The two most common endpoints are laptops and mobile phones. It is vitally important to take the necessary steps to physically secure your mobile phone and laptop, and updating the operating system of an endpoint is as important as updating its applications. For example, a method of bypassing the iPhone lock screen passcode is fixed in the latest release of the iPhone operating system. Cybercriminals may want access to your mobile device simply to obtain corporate and personal contacts, which they will then use in spam and spear phishing campaigns against corporate executives.
Protect your data
Trustworthy and honest employees never intentionally leak company data or sensitive information to the public, but it can happen by accident. Sharing a picture online with a whiteboard or computer screen in the background might be one of the most overlooked ways this happens. As a best practice, training employees beforehand on the dangers of posting to social media while at work can help mitigate these risks. As an additional protection for their employees, businesses can also create and distribute policies that cover topics such as destroying data that is no longer needed and how to report suspicious activities and ransomware.
Enable multi-factor authentication
Multi-factor authentication (MFA) is a security measure that requires more than one method of authentication, drawn from different sets of credentials, to verify the user's identity. An example is combining your login credentials (user name and password) with a random code that is generated and sent to your mobile device, which you then enter as part of the login process. This can be used to log in to company email or to access a company network containing sensitive information. Enabling this security measure throughout your business is simple and provides an extra layer of protection for your data.