August 21, 2017 10 Things

10 Things I know about closing digital security gaps

Michelle Drolet is CEO of Towerwall, a data security services provider in Framingham. You may reach her at michelled@towerwall.com.

10) Delete old accounts.

Delete accounts associated with former employees or temporary contractors; you may prefer to disable access, rather than delete accounts.

9) Monitor multiple attempts.

Be vigilant for failed logins and multiple attempts to access deactivated accounts.

8) Watch the hen house.

Profile user behavior so logins at odd times of the day or night, or logins from new devices, are flagged.

7) Authenticate access.

Enforce multi-factor authentication wherever possible, ensure passwords and usernames are fully encrypted, and configure and authenticate centrally.

6) The bigger, the more risky.

Careful account monitoring is especially important at large organizations where breaches are more than twice as likely.

5) Repeat simple steps.

Take a moment to remind employees not to click on suspicious email file attachments, even if they seem to be from a family member.

4) Gap analysis.

Perform gap analysis to find where employees lack the skills required to implement your cybersecurity plans and policies. You have to know where they are going wrong before you can steer things right.

3) Training to fill the gaps.

Provide relevant training via outside experts, or conferences and online courses. Make learning modules bite-sized and easy to understand. They must be updated to reflect the latest threats and employees should complete them every few months.

2) Upper management most at risk.

Senior management may be resistant, but they actually pose the greatest risk if a phishing attack (targeting the C-level) is successful, so they should complete the same training.

1) Put a fox in the hen house.

As a way to test how porous employees can be, test staff with a fake phishing email. A bank did this after suffering a data theft, yet 20 percent of its employees clicked on the bogus email.
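Items 10, 9 and 8 describe checks that can run over authentication logs. The following is an added example, not part of the original article: it flags attempts on disabled accounts, bursts of failed logins, and successful logins at odd hours or from devices not seen before. The event layout, account and device names, working hours and thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data; field layout, thresholds and names are assumptions.
DISABLED = {"jsmith"}                      # former employee, access disabled (item 10)
KNOWN_DEVICES = {"mlee": {"LAPTOP-014"}, "akhan": {"LAPTOP-022"}}
WORK_HOURS = range(7, 19)                  # 07:00-18:59 local time
FAIL_LIMIT, FAIL_WINDOW = 3, timedelta(minutes=10)

EVENTS = [  # (timestamp, user, device, success)
    ("2017-08-21T09:02:11", "mlee", "LAPTOP-014", True),
    ("2017-08-21T09:15:40", "jsmith", "LAPTOP-031", False),
    ("2017-08-21T10:01:05", "akhan", "LAPTOP-022", False),
    ("2017-08-21T10:01:30", "akhan", "LAPTOP-022", False),
    ("2017-08-21T10:02:02", "akhan", "LAPTOP-022", False),
    ("2017-08-22T02:47:19", "mlee", "PHONE-UNKNOWN", True),
]

def review(events):
    """Return (timestamp, user, reason) alerts for items 10, 9 and 8."""
    alerts = []
    recent_fails = defaultdict(deque)      # user -> failure times inside the window
    seen = {u: set(d) for u, d in KNOWN_DEVICES.items()}  # per-call device baseline
    for ts, user, device, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if user in DISABLED:               # any attempt, successful or not, is suspect
            alerts.append((ts, user, "attempt on disabled account"))
            continue
        if not ok:
            fails = recent_fails[user]
            fails.append(when)
            while when - fails[0] > FAIL_WINDOW:   # drop failures older than the window
                fails.popleft()
            if len(fails) == FAIL_LIMIT:           # alert when the burst reaches the limit
                alerts.append((ts, user, "repeated failed logins"))
            continue
        recent_fails[user].clear()         # a successful login resets the failure count
        if when.hour not in WORK_HOURS:
            alerts.append((ts, user, "login outside working hours"))
        if device not in seen.setdefault(user, set()):
            alerts.append((ts, user, "login from new device"))
            seen[user].add(device)         # flag each new device once
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(*alert, sep="  ")
```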
