Cross-platform messaging app, WhatsApp, earlier this week announced that it was breached. This breach left users unknowingly vulnerable to malicious spyware installed on their smartphones. The security vulnerability affected both iPhone and Android devices, with WhatsApp urging users to update their apps as soon as possible.
In light of this security breach, today’s blog article will share best practices to help firms keep their names out of the headlines. Sometimes it’s the basics we forget about so here are four evergreen tips we recommend businesses to follow for robust IT security and infrastructures.
Tip #1 - Guard Your Network
In addition to utilising highly secure cloud platforms and/or investing time and money into building and maintaining a secure Comms. Room for infrastructure and physical devices, firms are advised to ensure the right practices are in place to protect the just as important nontangible assets - their networks. Here’s are some tips from our experts on how to do this:
- Carefully consider who requires access to your network, along with the level of access needed on a per user basis. Granting unlimited access to only trusted users will reduce the chances of any malicious content being introduced to your network.
- Creating strong passwords and authentication requirements systemwide. Whilst this may seem an obvious thing to do, it can often be overlooked when passwords are being changed frequently in a bid to boost security. Our recent blog share tips on creating strong passwords.
- Timely patch management is a must as well.
- It is also good practice to create a separate WiFi network for guests visiting your firm. This is so that anyone outside of your organisation does not have access to your firm’s core network, avoiding any disruptions to your daily business operations.
- Lastly, close monitoring of networks and devices is crucial to detecting and mitigating any threats. The quicker you spot a threat the better chance you have to avoid a breach.
Tip #2 - Build and Nurture a Security-Centric Organisational Culture
Human error is arguably the weakest link in the security chain of any organisation, with hackers using increasingly deceiving tactics to exploit employees. Social engineering and phishing attacks gain the trust of users, encouraging them to grant malicious cyber criminals access to confidential information, click on malicious links and fill out their details on bogus websites.
Along with the various security tools deployed to combat such attacks, firms and their employees should be aware of the ongoing role they play in the cyber safety of the firm. This requires businesses to build and nurture a security-centric culture. This can be achieved through taking the following steps:
Firms are advised to conduct frequent managed phishing tests to assess if employees can successfully identify new phishing techniques and threats, and, to provide training in areas that require improvement. You can find out more about how managed phishing and training works here.
It is also good practice to involve employees at all levels in the suggested programme, as well as to document results in the form of quarterly reports to track and compare progress over time. This is a great method to determine your organisaion’s overall security stance. In a recent webinar, we explored building a human firewall with confident employees. View the full recording here to learn phishing best practices shared by our Business Continuity and Data Privacy experts.
Buy-in from the senior management team is crucial to securing the funds and focus needed to create and maintain a security-centric organisational culture. To get the green light from board members, it is important to ensure they understand the consequences that the business may be faced with if users are not confident enough to recognise the changing faces of threats in today’s landscape.
Tip #3 - Maintaining Security Outside the Office with Multi-Factor Authentication
In today’s working world, it is essential for firms to understand and educate its employees on the importance of extending security practices to beyond the walls of the office. The use of smartphones and tablets has become widespread as has remote working. Through implementing multi-factor authentication (MFA) on such devices firms can ensure secure remote working for its employees.
MFA is an authentication method by which a user is only granted access to a device after successfully presenting two or more pieces of evidence (factors). These are knowledge, possession and inherence based. You can read our recent blog article on MFA to learn more about this security tool and how it can help secure your network both inside and outside the office.
Tip #4 - Monitor the Dark Web and Respond
Across the dark web criminals are buying and selling stolen user credentials, including email addresses, usernames and passwords, to access high value (i.e. executive and privileged user) accounts. Once in a system, malicious hackers steal financial assets, uncover trade secrets and exploit the vulnerabilities of users. To stop this threat firms must monitor the Dark Web and respond.
Dark Web Monitoring is a vital security practice that should be adopted by companies of all sizes and technology deployments (i.e. cloud or on-premise), and is offered by trusted IT providers. So, how do we implement this you ask? If outsourcing this task to experts, simply provide a watchlist of assets including IP addresses, email addresses and domains for cybersecurity intelligence analysts to monitor across the dark web on a 24x7 basis. If exposed credentials of an active user are matched, the IT provider will alert the respective user to reset their password at next login.
View our datasheet on Eze Dark Web Monitoring to learn more.
Categorized under: Security