According to the ISACA State of Cybersecurity 2019 report, 69% of IT admins say their departments are understaffed. And yet, security breaches continue to happen at an exponential rate. IT organizations, understaffed or otherwise, are struggling to battle modern cyberthreats.
If you’re wondering how to keep up with security, even if you feel understaffed, we’ve compiled a list of cybersecurity questions to provide IT departments with insight. Such a mindset is required to battle the creative attacks used to obtain both personal and financial information from organizations worldwide.
Is Everyone Trained to Keep Cybersecurity in Mind?
The number one attack vector for an organization is and likely always will be a compromised identity. Attackers utilize a host of methods to compromise a user’s credentials. This includes, but is not limited to:
- Social engineering
- Phishing attacks
- Brute force attacks
- Man-In-The-Middle (MITM) attacks
Most of these methods were introduced alongside the internet and on-prem equipment. The fact that users are still left unaware of these types of pernicious intrusions can have devastating effects on the security of an organization. To best counteract these exploitive methods, make sure everyone in your organization is aware of these attacks.
What Are You Doing Now to Prevent Cyber Attacks?
When it comes to securing both physical and cloud-based assets, it’s important to evaluate how you’re protecting your infrastructure from potential hackers. Are all on-prem hardware and anti-virus solutions properly configured and up to date? Have firewalls been routinely checked for misconfigurations?
If possible, consider moving your core identity provider to the cloud. Through cloud-based identity and access management (IAM), IT teams can manage and control user access to a wide range of IT resources along with systems such as Windows, Linux, and Mac. Additionally, cloud IAM includes security measures like multi-factor authentication and SSH keys as a service, which provides admins with all the tools they need to keep IT infrastructure secure.
What 3 Actions Can You Take to Reduce Your Risk?
The knowledge that hackers have such devastating impact on the financial welfare of businesses is enough to keep admins up at night. Before going out and trying to bulk up security with numerous third-party applications, evaluate existing practices/infrastructure to see if there are steps that can be taken to make it more secure.
- Is your department ensuring that the right people have access to the right systems, applications, and networks? Unmonitored user access to sensitive information, by way of Shadow IT, for example, can lead to a number of cyberthreats.
- Are users creating effective passwords? IT departments need to enforce a strict password policy and multi-factor authentication for all users. Be sure to mandate that users create long, complex passwords with a variety of characters and uppercase/lowercase requirements.
- Are wireless networks secure through the RADIUS protocol? Is your department encouraging users to utilize VPNs when on public WiFi networks?
Taking these steps ensures that users reduce the risk of divulging sensitive information such as credentials.
What Do You Do If/When You’ve Been Hacked?
The most important lesson in the world of cybersecurity is to communicate when you think you’ve got a problem on your hands. Make sure users are aware that they should let their supervisor/security team know if they’ve received any suspicious emails or clicked on any links that have you feeling apprehensive.
In regard to organizations, make sure to enact an incident response plan so that everyone in the company is on the same page when it comes to responding to cyberattacks. Make sure this plan is put together in advance, and addresses containing the attack to only the affected system, application, network, or user accounts.
Secure Your Organization Against Cyber Threats
The questions listed above are a great place to start for anyone interested in improving their cybersecurity posture. Want to learn more? We offer a training course for organizations interested in bringing greater security awareness to their users.