Every business and organization needs to take a holistic approach to cybersecurity. To that end, providing resources and training staff members to maintain good security practices should be a top priority. We interviewed Alex Heid, chief research officer at SecurityScorecard, and gained some insight into how companies can improve their digital security practices.
According to Heid, spear phishing is one of the biggest headaches for companies:
Targeted spear phishing attacks are one of the most common and effective means of gaining unauthorized access to an enterprise network. Attackers will profile specific individuals within an organization before engaging the targets, and then directly contact them via email, social networks or other out-of-band communications (phone calls, SMS, etc.).
Indeed, spear phishing is an excellent example of how layers of security are becoming compromised by end-user behavior. When employees become too comfortable with procedures, Heid notes, they develop poor password habits and bad cybersecurity hygiene. He advises providing new employees with training on how to recognize social engineering, as well as offering the occasional refresher course, adding:
Verification of any requests that are out of the ordinary should be conducted, and regular reminders about the risks of social engineering attacks should be part of internal communication campaigns.
Creating a culture of security can help bolster companies against potential threats and ensure that all teams are on the same page. When an organization presents a united front, third-party bad actors have a much harder time gaining access to sensitive data.
Heid also recommends implementing security measures at each stage of a project to avoid the challenges associated with retrofitting best practices on top of working technologies. When security is built into every level of your project, launch or product as part of your infrastructure, there should be far fewer conflicts.