When it comes to keeping your data and network protected from cyber criminals, you need both technical and non-technical layers of security. One without the other won’t do and in fact, they’re better together. Cybersecurity awareness training is the best non-technical way to defend against intrusions due to human error, poor judgment, or plain lack of knowledge, but you can improve your human line of defense when you combine technical and non-technical security tactics.
Here are three recommendations to enhance employee behaviors that have to do with cyber criminals’ favorite targets – online accounts, email, and data storage.
1. Multi-Factor Everything
Taking over employee accounts is a prime goal of cyber criminals. In fact, there’s a class of cyber criminals who do just this – take control of online accounts and then sell access to someone else who will bring in malware, or use the account to snoop around for information that will lead them to a bigger target or payout.
If a password is the lock on the door, multi-factor authentication (MFA) is the deadbolt. It might be possible to crack the password, but getting through an MFA barrier is a lot harder because it requires something that’s in the account owner’s possession, like their phone.
There are different ways to implement MFA, and Microsoft’s authenticator app makes it possible for people to skip the whole password step altogether.
2. Protect Against Business Email Compromise
Email is a favorite target of cyber criminals because it’s a door into your network and a way that they can gather intelligence for a targeted attack. Use a spam filter and make sure that it’s flagging external emails. That way your people get an additional sign that an email is suspicious even if it resembles a legitimate message.
In your security and acceptable use policies, insist that employees do not use business email for personal use or vice versa. When this happens, it’s usually a matter of convenience, for example making a business purchase with a personal credit card that’s connected to a personal email address.
While we’re talking about email, don’t assume that your messages are 100% secure unless you’re using an encryption tool. Encryption works like a secure tunnel that scrambles email messages while they’re en route and unscrambles them when they get to the recipient.
3. Centralize Data Storage and Control Access
Discourage employees from storing files locally on their computers and have them use your server instead. In order to be backed up, files need to be visible, and that usually means they need to be on the server. If you use SharePoint or OneDrive, you can count on Microsoft to provide some beefy layers of security for the information stored in the Azure cloud.
Additionally, when files are all stored in a central location, you can manage permissions to control access. It’s a good practice to document what data each job role requires and then control access with permissions.
Include employee offboarding in your data storage and access policies. When an employee leaves, there should be no question as to whether they can get to company data. That goes for access to company accounts too.
DEFEND Against Cyber Attacks
Here at XPERTECHS, we do everything with security in mind. While we work with each client to create a security strategy that matches up with their unique risk tolerance and business needs, our baseline security services exceed those of other managed IT service companies.
Our security expertise is third-party verified by SOC 2 certification. Because we have our own Security Operations Center (SOC), our clients get a high level of security management whether they need to comply with privacy regulations or just want to be confident of their security posture.