Like Pi, Cyber-Threats Never Cease: Here Are 5 Ways to Combat Them
Cyber-threats have a number of things in common with pi: They never cease, are not predictable and the only “sure thing” is that they are always changing. Here are tips for dealing with threats.
Don’t Be Irrational; Create Acceptable-Use Policies
To prevent breaches from occurring, organizations should create acceptable-use policies. Acceptable-use policies are meant to be internal guiding principles to regulate employee use of computers and the Internet. While these policies can vary company to company, it’s important to implement a cross-board standard to reduce the overall network surface area of an attack. The more freedom organizations grant their employees to select and customize operating systems, applications and computing devices and to use the Internet, the less secure the organization’s IT infrastructure will be.
You Don’t Need to Be a Mathematician to Understand Infection Vectors
Train, or at least warn, users about the common infection vectors for the threats they’re most likely to encounter. These tips and warnings can include the following: Don’t download apps from unofficial sources, resist the temptation to search for free or cracked versions of popular apps, don’t surf porn, and finally, don’t jailbreak a phone—i.e., don’t override the phone’s inherent security. In addition, users should be wary of connecting to free or unsecured WiFi networks, and pay attention to any warnings if they do.
Nefarious Activity + TLDs = Shady
Businesses should be aware and vigilant about the online neighborhoods they visit. Even the “safest” top-level domains (TLDs) are not without risk of threats from nefarious players, and it remains as critical as ever to have strong digital security protection and policies in place. Businesses should consider blocking traffic to the top five riskiest TLDs: .zip, .review, .country, .kim and .cricket (as identified by Blue Coat’s “The Web’s Shadiest Neighborhoods” report).
Multiply Your Use of SSL/TLS Encryption
Breaches can’t always be prevented. The rapid adoption of cloud apps and services dramatically expands and complicates the IT environment, accelerates Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted traffic use and expands the risk surface for attacker exploitation. Applications such as social media, file storage, search and cloud-based software increasingly use SSL/TLS as their communications foundation.
Don’t Make Breaches a Perpetual Problem
It’s important to implement data breach detection and analysis. One of the most damaging factors to companies when a breach does occur is the associated financial ramifications, which directly relate to the type and amount of information exposed. For many organizations, they find themselves in a predicament of not knowing what was exposed, making the clean-up process more complicated. By knowing what happened, and what information was exposed, companies can save millions of dollars. Monitoring recordings and putting processes in place to track and record can help to avoid this challenge if a breach occurs.