As 2018 quickly comes to a close, it’s important to be prepared for both existing and emerging cybersecurity threats in 2019. Based on what we know of 2018’s top cyberattacks and insider threat incidents, and what we predict is on the horizon for next year, we’ve compiled a list of essential cybersecurity best practices every information security professional should have in their arsenal.
1. Consider creating a dedicated insider threat role.
Insider threats are on the rise, across all industries and company sizes (and they can cost organizations on average of $8.76 million per year). Stopping insider threats, for this reason, should be a team sport.
A dedicated insider threat professional can bring together the cross-departmental teams needed to quickly detect, investigate, and respond to insider threat incidents when they do occur. This role can also help your team become more proactive by assembling the right policies and tools to prevent insider threats from happening in the first place.
2. Conduct phishing simulations.
According to Verizon’s 2018 Data Breach Investigation Report, phishing attacks are still as prevalent as ever, but in an analysis of phishing simulations, 73% of people did not click on a single malicious email all year (bravo!)
An important aspect of cybersecurity awareness training is helping employees understand how phishing attacks may manifest themselves in their day-to-day lives. As social engineering attacks and credential theft attempts become more sophisticated, investing in phishing simulations creates a safe space to test employees’ knowledge.
3. Educate employees on cybersecurity policies for remote work and business travel.
We recently surveyed 1,000 employees about how they access corporate networks during work travel, and 77% admitted to connecting to free public Wi-Fi networks (which are typically unsecured) using corporate computers and phones. Only 17% of respondents said they always use a VPN when they’re away from the office.
With the remote work trend on the rise, employees need to know that sacrificing security for convenience isn’t an acceptable tradeoff. Nearly half of employees aren’t aware of their travel or remote work cybersecurity policies — so it may be time for a refresher (or to establish these guidelines if they aren’t already in place!)
4. Prioritize employee privacy.
Even a quick look at the tech news headlines from 2018 shows that data privacy awareness and sensitivity is at an all-time high. Not to mention, GDPR regulations and others coming down the pike (such as California’s Consumer Data Privacy Law) make data privacy a business imperative.
Prioritize employee privacy by anonymizing any data you collect from them in an insider threat prevention capacity, and communicating clearly about how cybersecurity policies impact their privacy in any way.
5. Create a cybersecurity awareness training program.
Consider this: two out of three insider threat incidents are caused by employee or contractor mistakes, and mistakes are preventable! Now is the time to invest in cybersecurity awareness training. In fact, according to SANS, 85% of cybersecurity awareness professionals reported that their work had a positive impact on the security of the organization.
If you’re wondering where to start, check out our Coachable Moments series, which regularly features cybersecurity awareness tips. Cliff’s Notes version: find multiple channels to reinforce your cybersecurity policies in employees’ day-to-day work (since no one wants to read a long, boring document).
6. Inform third-party contractors of the cybersecurity policy.
According to a recent NPR/Marist poll, one in five jobs are held by freelance workers, and that trend will only continue to rise. Many organizations reap the benefits of third-party contract work, but few educate these contractors on cybersecurity policies and best practices that may affect their day-to-day workflows. Ensure these workers are aware of your policies and know how to adhere to them.
7. Monitor both user and file activity.
We predicted that savvy, malicious insider threats will take advantage of multiple channels to exfiltrate data and hide their tracks in 2019, which means that having the right user and file activity monitoring solution in place is one of the best methods of prevention. Solutions like DLP that focus on the data, and not user activity, often fall short of stopping malicious insider threats in their tracks.
8. Be vigilant of state-sponsored threats.
We’ve seen a lot of headlines in 2018 about international threats targeting U.S.-based companies, including Amazon’s high-profile insider threats in China. Employees at companies within high-value industries, including banking, technology, healthcare, and more, may face major incentives to exfiltrate and sell data to foreign governments. Understanding the motivations of nation-state insider threats is crucial, so you’ll be able to spot patterns of suspicious activity.
9. Enforce the use of a password manager, SSO & MFA.
It sounds like an obvious faux-pas to the cybersecurity professional, but the use of weak or repeat passwords is still rampant among workers today. If you can’t teach employees how to reliably create hack-proof passwords, then adopting and enforcing a quality password manager is another great option. If you haven’t already chosen a password management solution, check out this post on the benefits and risks of password managers.
Other account security measures such as single sign-on (SSO) and multi-factor authentication (MFA) should also be enforced across the board, taking as much margin for user error out of the picture as possible.
10. Audit privileged access.
If you haven’t done it in a while, check how many users have privileged access to sensitive areas of your servers, and ask whether each person’s level of access is really necessary. Privileged access tends to creep up on organizations over time, as certain people leave the organization, change roles, or no longer work on tasks related to their admin credentials. If you find this issue is repeatedly happening at your organization, it may be time to adopt a system of temporary or rotating credentials.
We hope that adopting these best practices can help your organization reduce unnecessary risk in 2019.
What tip have you found most useful in 2018? What new strategies will you adopt next year? Let us know on Twitter @ObserveIT.