With the ever-growing amount of security breaches in the news, you need to take action before the next headline is about your organization. But, it can be overwhelming to decide where to begin. While developing a strong security posture takes time and continual revisiting, there are some simple key actions you can take in the next month that will set the stage for long-term security success.
1. Set up a Multi-factor Authentication (MFA) policy – on both work and personal devices.
It’s no longer enough to rely on a single password to protect your organization’s valuable data- especially when employees are using the exact same or simple variations of the same password on all accounts. But, even if these employees were using password best practices, many hackers would still be able to crack the code.
Take a look at the Timehop and Macy’s security breaches that occurred earlier this month. These two breaches are thought to be caused by a weak login authentication. In a remediation effort, both Timehop and Macy’s have employed MFA.
Simply put, MFA is an easy way to provide an extra layer of security by requiring the user to enter at least one more additional security detail on top of their password.
Here’s a few easy tips to remember when implementing an MFA policy at your organization:
- Enlist support from upper management and IT to ensure all staff members are aware of your new MFA policy.
- Maintain positive user experience through the use of an easy-to-download authenticator app or mobile number requirement.
- Enforce MFA on personal devices for employees that may access the network from remote locations.
2. Create a culture of security awareness by winning over leadership and getting the entire staff on board.
One of the biggest challenges for security professionals is proving the value of investing in security to their leadership or their management. While many leaders may traditionally view security as a hinderance to their organization’s productivity, it is imperative to help them recognize the benefits security has. After all, the average security breach can cost an organization $3.86 million (Ponemon 2018 Cost of a Data Breach Study), not to mention the irreparable damage to your reputation and credibility.
With a growing number of breaches resulting from employee error, an educated staff is one of the most critical parts to a strong security posture. Keep these tips in mind this month as you work towards fostering a company-wide security awareness culture:
- Engage impactful personalities within the firm to demonstrate leading by example.
- Establish a set of clear security policies and provide refresher training sessions quarterly to ensure the staff is up-to-date.
- Explore ways to provide relevant educational, training, and/or awareness opportunities to various departments and position level of employee (e.g. middle management versus section head).
3. Establish regular security scanning, penetration testing and Red Team exercises.
Regular scanning and penetration testing (pen-testing) is a necessity when it comes to identifying vulnerabilities in a security environment. However, not all pen tests are created equal. With the rise of physical and human threats, there is no time for complacency. It’s important to assure you have full visibility into your security stance by testing for all possible vulnerabilities.
Re-evaluate your pen-test practices this month with these simple guidelines:
- Assess all the different entry points into your organization- this will help you understand what the business impact is to your environment for vulnerabilities that are discovered.
- Incorporate Red Team exercises into your pen-testing schedule to identify more than just IT vulnerabilities.
- Test incident response procedures and intrusion detection/prevention devices in addition to asset vulnerability.
Overseeing security is a great responsibility- but it doesn’t have to be intimidating. Stay focused and take proactive, manageable steps each month to work towards building up a strong security posture.