National Cyber Security Awareness Month (NCSAM) launched in 2003 to raise awareness of cybersecurity best practices. Fifteen years later, this annual initiative continues to promote the importance of cybersecurity across the globe. With cybercrime on the rise in India, we need to work together to stay protected from cyber threats and to build resilience over time.
According to the recent Sophos survey The State of Endpoint Security, 31% of Indian organisations expect to be victims of a cyber attack in the future. The Dirty Secret of Network Firewalls survey found that 30% of IT managers think their organisation’s current defences are not sufficient to block the cyber threats they have seen in the past year.
Commenting on the concerns of Indian organisations about their security capabilities, Mohit Puri, director sales engineering at Sophos India & SAARC said: “It is important that organisations adopt a defence-in-depth cyber security strategy to better protect their environment. They should aim for inclusion of every employee in increasing cybersecurity robustness, along with deployment of comprehensive and connected cybersecurity solutions across their entire network estate from network to endpoint resources.”
Our team at Naked Security offers some practical tips that can help deliver a stronger foundation to better protect against the ever-evolving threat landscape.
Patch early, patch often
Brand new vulnerabilities and exploits hog the limelight of security news.
Because no fix existed when attackers started using them, so you couldn’t have patched ahead of time, they’re known scarily as “zero-days.” But if you’re worried about brand new attacks from cutting-edge crooks, you should also worry about automated attacks against old holes that are well known, already patched by the vendor, and easy to exploit.
People often put off patching either to save time or because they’re scared something might break. The problem is that the longer you leave it, the bigger the backlog is when you finally get around to it, and the longer the window in which a known, already-fixed hole can be used against you.
Pick proper passwords
With so many online apps and services to manage, how many of us are guilty of using the same password for every account? It’s important to make every new password different and hard to guess. Criminals now use tools that check whether a stolen password has been reused on other sites, which makes their job easier and makes the stolen passwords and data more lucrative on the dark web. If in doubt, use our How to Pick a Proper Password video to help.
Prefer two-factor authentication
Come up with a checklist that you use before giving someone remote access to your network. Remember that it’s not enough to trust the person: you also have to trust their computer, because a malware-infected PC that connects to your network lets the cybercriminals in with it.
And consider requiring all remote users to have two-factor authentication (2FA). It costs a little more, and it is slightly less convenient when you come to log in. But it helps to prevent egregious attacks where a criminal steals (or guesses, or buys) one of your user’s passwords today and then uses it at their leisure to raid your whole network.
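The one-time codes that most 2FA apps generate are time-based one-time passwords (RFC 6238 TOTP, built on RFC 4226 HOTP). The following is an added example, not code from the article or from Sophos: it implements the algorithm from the standard library only, verifies a submitted code with a small clock-drift window using a constant-time comparison, and returns the matched time-step counter so the caller can refuse a code that is replayed within the same step. The secret used in the test is the RFC 4226 test-vector secret (the ASCII string "12345678901234567890"); the drift window of one step and the six-digit length are the conventional defaults, chosen here as assumptions.

```python
"""RFC 4226 HOTP and RFC 6238 TOTP: the arithmetic behind a 2FA app code."""
import base64
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP(K, C): HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter set to the number of time steps since the epoch."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, step: int = 30,
                digits: int = 6, window: int = 1) -> Optional[int]:
    """Return the time-step counter that matched, or None.

    `window` is how many steps of clock drift to tolerate on each side (assumed: 1).
    The caller should persist the returned counter and reject any later login that
    presents a code for a counter <= the stored one, which blocks replay of a code
    the attacker sniffed or phished a few seconds ago.
    """
    for drift in range(-window, window + 1):
        counter = at // step + drift
        # compare_digest: no timing leak about how many leading digits were right
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


def new_secret_base32(nbytes: int = 20) -> str:
    """Fresh enrolment secret, base32 as QR-code provisioning URIs expect it."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


def secret_from_base32(text: str) -> bytes:
    """Decode an enrolment secret; casefold tolerates the lowercase many apps show."""
    return base64.b32decode(text, casefold=True)


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test secret, used here as constructed input.
    key = b"12345678901234567890"
    print("HOTP counter 0:", hotp(key, 0))       # 755224 per RFC 4226
    print("TOTP at t=59  :", totp(key, 59))      # 287082, the 6-digit tail of 94287082
    print("match counter :", verify_totp(key, "287082", 59))
```

Note the `digits` parameter: the RFC 6238 vectors are published as 8-digit codes, so the 6-digit value an authenticator app shows is the last six digits of the vector. Production deployments add rate limiting on failed attempts; the algorithm itself does nothing to slow a brute force of a six-digit space.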
Patrol the entry points
One weak point is all it takes for an attacker to get into a system, move around the network and cause more damage. Smaller organisations in particular often forget to close down access points that are no longer used. Each one is an open door, and once inside, an attacker can move laterally and plant malware across the network.
Heed warnings and look at your logs
Don’t collect logs just so you can look back after a breach. Use them proactively to watch out not only for attacks but also for the otherwise-innocent behaviour you want to improve anyway. If the logs from your patch assessment tool are trying to tell you that your remote sales guy in Mumbai somehow missed out on the last three Microsoft Word updates, do something about it!
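Both kinds of signal the paragraph describes, an attack and an innocent hygiene gap, fall out of the same logs. The following is an added example, not code from the article or a Sophos product: it runs simple detection logic over a handful of constructed log lines. The first rule flags one source address failing logins against many different accounts in a short span, which is what the password-reuse tooling mentioned under “Pick proper passwords” looks like from the defender’s side (credential stuffing); the second flags hosts whose patch-assessment record shows more than a tolerated number of missing updates for a product. The log format, the field names, the thresholds (five distinct accounts, two missing updates) and the hostnames and addresses are all assumptions made for the example; real tools have their own formats, so the two regular expressions are the part you would adapt.

```python
"""Proactive log review: credential stuffing plus patch laggards from one log feed."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample lines (not real logs). Addresses are from the RFC 5737
# documentation ranges; the syslog-like layout and the patch-tool layout are assumed.
SAMPLE_LOG = """\
2018-10-08T09:12:01 auth sshd: Failed password for alice from 203.0.113.7
2018-10-08T09:12:02 auth sshd: Failed password for bob from 203.0.113.7
2018-10-08T09:12:02 auth sshd: Failed password for carol from 203.0.113.7
2018-10-08T09:12:03 auth sshd: Failed password for dave from 203.0.113.7
2018-10-08T09:12:04 auth sshd: Failed password for erin from 203.0.113.7
2018-10-08T09:12:05 auth sshd: Failed password for frank from 203.0.113.7
2018-10-08T09:15:10 auth sshd: Failed password for alice from 198.51.100.4
2018-10-08T09:15:30 auth sshd: Accepted password for alice from 198.51.100.4
2018-10-08T10:00:00 patch host=LT-MUM-017 product="Microsoft Word" missing=3
2018-10-08T10:00:00 patch host=LT-BLR-002 product="Microsoft Word" missing=0
2018-10-08T10:00:00 patch host=LT-MUM-017 product="Adobe Reader" missing=1
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$")
PATCH_RE = re.compile(
    r'^(?P<ts>\S+) patch host=(?P<host>\S+) product="(?P<product>[^"]+)" '
    r"missing=(?P<missing>\d+)$")


def parse(text: str) -> List[dict]:
    """Turn raw lines into typed events; lines matching neither pattern are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"kind": "auth", **m.groupdict()})
            continue
        m = PATCH_RE.match(line)
        if m:
            d = m.groupdict()
            d["missing"] = int(d["missing"])
            events.append({"kind": "patch", **d})
    return events


def credential_stuffing(events: List[dict], min_accounts: int = 5) -> Dict[str, List[str]]:
    """Source IPs whose failed logins span at least `min_accounts` distinct usernames.

    A single user fat-fingering a password hits one account from one IP; a stuffing
    tool replaying a breached list hits many accounts from one IP. Threshold assumed.
    """
    failed_users = defaultdict(set)
    for e in events:
        if e["kind"] == "auth" and e["result"] == "Failed":
            failed_users[e["ip"]].add(e["user"])
    return {ip: sorted(users) for ip, users in failed_users.items()
            if len(users) >= min_accounts}


def patch_laggards(events: List[dict], max_missing: int = 2) -> List[Tuple[str, str, int]]:
    """(host, product, missing) for hosts behind by more than `max_missing` updates."""
    return sorted((e["host"], e["product"], e["missing"])
                  for e in events
                  if e["kind"] == "patch" and e["missing"] > max_missing)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for ip, users in credential_stuffing(evs).items():
        print(f"possible credential stuffing from {ip}: {len(users)} accounts tried")
    for host, product, n in patch_laggards(evs):
        print(f"{host} is missing {n} updates for {product}")
```

The point of the two rules living in one script is the one the paragraph makes: the same pipeline that alerts on an attack in progress also surfaces the laptop that quietly skipped three Word updates, and both deserve a ticket.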
Spot the Phish Threat
Phishing attacks have shown record growth in recent years, and employees are the most vulnerable target in most organizations. It is important that organisations include a robust security awareness program in their defence-in-depth strategy. It is crucial to educate your end users to recognize phishing and socially engineered attacks, through automated attack simulations, engaging awareness training, and actionable reporting metrics.