Embracing Cybersecurity Best Practices, No Matter Where You Are

Friday, October 05, 2018

Mike McKee


Your cyber health should be on your mind as much as your physical health, if it isn’t already.

Whether you are at home, in town, in the workplace, or somewhere in between, our dependence on digital connections has made any potential security gap a tempting target for both external sources and the people we may already know and trust. The systems, files, and data available on devices are inherently useful and sellable to someone, making you just as likely a target as your friends, family and colleagues.

With this week kicking off the National Cyber Security Alliance (NCSA) Cybersecurity Month initiative, now is the perfect time to make your home, and your remote workplaces, a haven for online safety.

Getting Comfortable with Cybersecurity

Every person who uses a piece of internet-connected technology is at risk of their systems, files, and data being compromised or misused. This isn’t fearmongering. This is fact.

Our job as users and providers of these technologies is to always strive to be better stewards in terms of use, access, and interactivity. Visibility, awareness, and alertness are the key!

Insider Threat Incidents Can Occur Anywhere

An insider threat is someone – typically an employee or vendor – with authorized access to critical information or systems who misuses that access either maliciously or accidentally, resulting in a negative outcome.

According to an independent survey conducted by the Ponemon Institute, roughly 63% of insider threat incidents were caused by user carelessness or negligence. We each must know what is happening and what is possible when we choose to connect to online services, neglect device and software maintenance, and share files and data. This is especially true when working remotely using a company-owned device or accessing company systems, files, or data.

According to the annual Verizon security report, the top six threats include “using stolen credentials, keyloggers or other spyware, data-stealing malware, phishing, backdoor malware, and malware communicating with command-and-control servers.” Looking back, most of these threats start with an insider intentionally or accidentally opening the door to new threats.

What can we learn from this? Whether we are at home or in the office, we can’t get too comfortable and let our collective guards down. The moment we do could be the moment that we open a door to new risks or cause an insider threat incident.

Cybersecurity Tips for the Home Office

Here are some basic tips for improving your cyber health at home and on-the-go:

1. Connect with Consideration

How you connect to the internet is a critical first step to ensuring your safety while online. This doesn’t just mean ensuring that your WiFi is encrypted, guest access is off, and strong passwords are in place and are on frequent rotation…though these are all very important as well.

Your router and wireless access points are sophisticated pieces of hardware, and as such, often need updating to ensure that they function correctly with all connected devices. They also need frequent updates to remain secure.

Router hardware vendors like D-Link, Linksys and others are increasingly pushing out firmware updates to their systems to keep up with new cybersecurity risks. It is up to you to ensure that these updates are installed, so make sure that you regularly log into these devices to see if an update is available.

2. Manage Software & Devices Regularly

When a software update pops up on your computer or device, do you immediately install it, or do you exit out of it in frustration? More likely than not, it’s the latter, and that’s a big problem from a cybersecurity standpoint.

Keeping your software versions and hardware firmware and drivers up-to-date is crucial to minimizing risk of a cybersecurity incident. Malicious individuals often scope out older versions of software because of known gaps or bugs that enable them to have an easier entry point into systems.

This may be a bit of a no-brainer, but swift and frequent software updates are essential to keeping yourself safe. While it may be inconvenient, it is far more inconvenient to have to clean up after an incident!

Updates are also critical when it comes to your passwords. By regularly rotating your device and application passwords, using longer strings, setting up two-factor authentication, and never using a password more than once, you’re decreasing the risk that your password will be compromised.

3. Be Aware While Sharing Data

How someone uses and shares their data is quite possibly one of the biggest modern risks to individual and organizational cyber health. To better avoid an external breach, or being an insider threat incident waiting to happen, always be aware of what you are doing with the data that you have access to.

First, if you are working remotely, try utilizing your organization’s VPN (virtual private network), if there is one available. This will extend the security of the network at your office to your device to make sending and receiving data as secure as if you were directly on the office network.

Also, if you are about to use a third-party cloud storage service, you should first confirm if it is against your organization’s cybersecurity policy. The more systems, files, and services you interact with, the more variables of risk are at play!

Remember: Visibility, Awareness, and Alertness

Much like your physical health, there is no way to guarantee cyber health. However, by having visibility and awareness of the risks of all online interactions, and being alert to any potential threats, you can start to improve your cyber health, no matter where you are.

About the author: Mike McKee brings over 20 years of cross-functional, global experience in technology to ObserveIT. Previously, Mike led the award-winning Global Services and Customer Success organizations at Rapid7, served as Senior Vice President CAD Operations and Strategy at PTC, and Chief Financial Officer at HighWired.com.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.