6 cyber best practices for the new year
- By Diane Griffin
- Jan 04, 2016
Happy 2016, everyone!
The new year is a great time to set new personal and professional goals, but as a security professional, I also believe this is the perfect time to assess your company’s current practices for preventing insider threats to your security.
One of the biggest security threats to your business is now coming from people on the inside—not the outside—of your organization.
Spending some time at the first of the year to review your current procedures and networks—and making any necessary changes or adjustments-- will go a long way towards keeping you safe and secure for all of 2016.
Here are 6 best practices you need to review to prevent insider threats:
Review Current Access Privileges
Do you know who in your organization has access to what information? Giving too many employees access to your network increases your chance for a security breach. Schedule a meeting with your human resources and IT teams to go through every position and their current level of network access, making sure each employee has access to just the information he or she needs in order to effectively perform their job.
In addition, I suggest creating a second level of security that limits privileges to any single administrator--such as requiring two people to be involved in protecting or serving your network.
Monitor Online Actions of Employees
If you do not currently have a system in place for monitoring online actions of employees, you need to create one. This type of system will allow you to discover suspicious actions before they become more serious.
“Employees will put your business at risk accidentally or intentionally,” says Nancy Flynn in an article for Entrepreneur.com. “You need to mitigate those risks and keep misdeeds from turning into expensive crises or lawsuits.” Click here for three ways to legally and ethically monitor your employees online and always consult with your legal team should you have additional questions or concerns.
Defend Against Malicious Codes
One of the biggest insider threats we are seeing is when system administrators or privileged users install malicious codes on a network.
“These types of attacks are stealthy and therefore difficult to detect ahead of time,” writes NetworkWorld.com. Implement things that will help you with early detection such as anti-virus programs or regular network scans. Click here for some additional information about preventing viruses in your network.
Implement Strategies for Data Backup and Recovery
Take inventory of your entire network including hardware (i.e. servers and computers), software and data. Then, create a plan to ensure that all critical information is backed up and easy to recover should an IT disaster occur. “The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential,” states the Ready.gov website, which also includes valuable information and tips for how to create backup and recovery strategies.
In addition to making sure all of your employees understand what security policies and procedures exist, they also need to understand why they are in place and the consequences that come should an employee choose to ignore the policies. Review your employee handbook and create a series of employee meetings to specifically discuss security policies and procedures. As you move forward, make security training part of your new employee orientation program.
Incorporate a Continuous Evaluation Program
CEP - By definition, CEP involves the uninterrupted assessment of an individual for retention of a security clearance or continuing assignment to sensitive duties. The CEP program can assist any company that has a vested interested in protecting their sensitive and proprietary information.
Checks such as;
• Multi-State & Federal Criminal Search
• National SSN/Address Locator
• Sex & Violent Offender Search
• Terrorist Search (OFAC Search / Government Watch List)
Here’s to a great—and safe—start to 2016.
Diane Griffin is the founder and CEO of Security First & Associates, and has over 20 years of experience in the defense and intelligence communities, where she has held progressive security leadership and management roles with small to large defense contractors.