Do you know exactly what the users of your IT systems do with the organisation’s business systems? Is it really necessary to worry about how employees or third-party workers use those systems?
According to a recent analysis by IBM, more than 50% of all cyberattacks are carried out by people with internal access. McAfee identifies insiders as a major source of the PII (Personally Identifiable Information) sold on the dark web.
Employees become a threat for various reasons, intentionally or unintentionally.
Some become disgruntled over decisions the company takes about their employment, such as termination, demotion and so on, and respond by acting electronically against the organization. Others have personal financial problems that lead them to behave maliciously; for example, a worker under severe financial pressure can be lured by a third-party adversary into stealing important and sensitive information belonging to the organization. A further group misuses its system access simply as thrill-seekers.
On the other hand, most employees who act destructively do so unknowingly, with no intention of harming the organization, mainly because they lack awareness of how to use IT systems securely. Examples include sharing confidential information with unauthorized parties without understanding its sensitivity and the undesirable effects, and data leakage, system compromise or malware installation caused by simple mistakes.
Certainly, employees will not like the idea that their online activities are being monitored. Tracking email conversations, device logs and Internet search history will make them uncomfortable.
However, protecting an organization from insider threats is impossible if you are not looking for them in the first place. Protecting the network only from threats that come from outside is not enough. Therefore, implementing a user activity monitoring programme is necessary.
Firstly, an organization should monitor the Internet activity patterns of staff members to identify anomalous behaviour. Incidents such as an end-user device communicating with an unknown or blacklisted IP address, Internet usage that is strangely high, or visits to malicious websites should be flagged and reported. The same monitoring should apply when the user connects to the company’s network remotely.
Strange downloads, unauthorized software or browser extension installations, unauthorized copying of files to and from the device, unauthorized actions within the business systems, sharing of sensitive data (PII) via email or chat, peculiar logon attempts from different locations around the world within a short period, activity involving personal email or cloud storage accounts, attempts to connect unapproved devices to the network, and unnecessary printing of confidential data are a few of the many incidents that should be monitored regularly.
Monitoring should cover not only the logical aspects but the physical security aspects as well. Data processing areas should always be checked for peculiar behaviour by company employees and by third-party hired personnel such as cleaning staff, vendors and so on. Incidents can include attempts to physically destroy a server or the whole data centre, device theft, and attempts to physically access servers or network devices.
In addition, it is always better to keep an eye on any suspicious dealings staff members have with outside personnel. For example, this kind of behaviour may lead to unauthorized leakage of the organization’s upcoming project details to a competitor.
Last but not least, user activity should be monitored even after an employee has left the company. For example, watch for any attempt to use the system login credentials of a former staff member.
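The three detections just described, as an added example that is not part of the original page: logons from different countries within a short window, connections to a blocklisted IP address, and use of a former employee’s account. The log line format, the blocklist and the list of terminated accounts are all constructed assumptions for the example.

```python
"""Added example: simple insider-activity detections over constructed log records."""
from datetime import datetime, timedelta

# Constructed sample events (not real data).
# Fields: timestamp, user, event type, source country, remote IP ("-" if none).
SAMPLE_EVENTS = [
    "2024-03-01T08:00:00 alice logon country=GB remote=-",
    "2024-03-01T08:20:00 alice logon country=US remote=-",        # 20 min later, different country
    "2024-03-01T09:00:00 bob connect country=GB remote=203.0.113.9",
    "2024-03-01T09:05:00 bob connect country=GB remote=198.51.100.7",
    "2024-03-01T11:00:00 carol logon country=GB remote=-",        # carol has left the company
    "2024-03-01T13:00:00 alice logon country=GB remote=-",        # hours later, not flagged
]

# Constructed blocklist (documentation address ranges) and a constructed
# list of accounts belonging to former employees.
BLOCKLISTED_IPS = {"198.51.100.7"}
TERMINATED_USERS = {"carol"}
# Two logons from different countries closer together than this are flagged.
TRAVEL_WINDOW = timedelta(hours=1)


def parse_event(line):
    """Parse one constructed log line into a dict."""
    ts, user, event, country, remote = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "user": user,
        "event": event,
        "country": country.split("=", 1)[1],
        "remote": remote.split("=", 1)[1],
    }


def detect(lines, blocklist=BLOCKLISTED_IPS, terminated=TERMINATED_USERS, window=TRAVEL_WINDOW):
    """Return a list of (rule, user, detail) alerts, processing events in time order."""
    alerts = []
    last_logon = {}  # user -> (time, country) of the most recent logon seen
    for ev in sorted((parse_event(l) for l in lines), key=lambda e: e["time"]):
        user = ev["user"]
        # Rule 1: any activity on an account that should have been disabled.
        if user in terminated:
            alerts.append(("terminated_account", user, ev["time"].isoformat()))
        # Rule 2: outbound connection to a blocklisted address.
        if ev["event"] == "connect" and ev["remote"] in blocklist:
            alerts.append(("blocklisted_ip", user, ev["remote"]))
        # Rule 3: logons from two countries within the travel window.
        if ev["event"] == "logon":
            prev = last_logon.get(user)
            if prev and prev[1] != ev["country"] and ev["time"] - prev[0] <= window:
                gap = ev["time"] - prev[0]
                alerts.append(("impossible_travel", user, f"{prev[1]}->{ev['country']} in {gap}"))
            last_logon[user] = (ev["time"], ev["country"])
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Each rule is deliberately stateless except for the last logon per user, so the same function can run over a live event stream rather than a batch, which is what the 24x7 automated monitoring described later requires.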
However, no user activity monitoring programme is successful unless the identified incidents are swiftly attended to and addressed to mitigate the risk.
User activity monitoring should be carried out as a 24x7 process. Automating this operation is more reliable and efficient than carrying it out manually, as incidents can be triggered in real time and managed immediately.
Furthermore, all monitoring logs should be stored securely for a pre-agreed period. All evidence collected about an insider threat must be properly documented so that appropriate disciplinary or legal action can be taken.
When it comes to mitigating internally borne threats, there are many aspects to consider, and no single solution covers them all. Instead, the approach should be a comprehensive one consisting of active monitoring, rapid incident response, security training and awareness, and building a corporate security culture.
In the modern digital era the majority of business activities take place digitally. Businesses use the data generated by those activities to predict future business trends. As a result, data has become more vital than the human factor: data is unique and irreplaceable, whereas people can be replaced.
At the same time there are factors that affect the wellbeing of data. If the necessary measures are not taken to safeguard the data, both the organization and its customers may suffer heavily.
The best solution is to back up the data. Backup copies allow data to be restored from an earlier point in time to help the business recover from an unplanned event. The goal is to ensure rapid and reliable data retrieval should the need arise.
Backup refers to the copying of physical or virtual files or databases to a secondary location for preservation in case of equipment failure or catastrophe. The process of backing up data is pivotal to a successful disaster recovery plan.
A proper backup copy is stored in a separate system or medium, such as tape, from the primary data to protect against the possibility of data loss due to primary hardware or software failure.
Storing the copy of the data on a separate medium is critical to protect against loss or corruption of the primary data. This additional medium can be as simple as an external drive or USB stick, or something more substantial, such as a disk storage system, cloud storage container, or tape drive. The alternate medium can be in the same location as the primary data or at a remote location. The possibility of weather-related events may justify having copies of data at remote locations.
For best results, backup copies are made on a consistent, regular basis to minimize the amount of data lost between backups. The more time that passes between backup copies, the greater the potential for data loss when recovering from a backup. Retaining multiple copies of data provides the insurance and flexibility to restore to a point in time not affected by data corruption or malicious attacks.
Best practices suggest a full data backup should be scheduled to occur at least once a week.
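The three practices above (copy to a separate location, keep several generations, and be able to verify the copy when it is needed) carried through in code, as an added example that is not part of the original page. The timestamped directory layout, the weekly cadence of the demo and the manifest file name are assumptions made for the example.

```python
"""Added example: file backup with an integrity manifest and generation retention."""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sha256_file(path):
    """Digest a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, backup_root, when=None):
    """Copy src_dir into a timestamped directory under backup_root and write a
    manifest of SHA-256 digests next to it. Returns the new backup directory."""
    when = when or datetime.now()
    dest = Path(backup_root) / when.strftime("%Y%m%dT%H%M%S")
    shutil.copytree(src_dir, dest / "data")
    manifest = {
        p.relative_to(dest / "data").as_posix(): sha256_file(p)
        for p in sorted((dest / "data").rglob("*")) if p.is_file()
    }
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest


def verify_backup(backup_dir):
    """Recompute every digest and compare with the manifest.
    Returns the list of files that are missing or no longer match."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    bad = []
    for rel, digest in manifest.items():
        p = backup_dir / "data" / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def prune_backups(backup_root, keep):
    """Delete all but the newest `keep` generations; returns the names removed.
    Directory names sort chronologically because of the timestamp format."""
    gens = sorted(p for p in Path(backup_root).iterdir() if p.is_dir())
    removed = []
    for old in gens[:max(len(gens) - keep, 0)]:
        shutil.rmtree(old)
        removed.append(old.name)
    return removed


def demo():
    """Run one weekly cycle on constructed data in a temporary directory and
    return a summary of what happened (used for the stand-alone run and the checks)."""
    root = Path(tempfile.mkdtemp())
    src = root / "src"
    src.mkdir()
    (src / "ledger.csv").write_text("id,amount\n1,100\n")       # constructed sample data
    (src / "notes" ).mkdir()
    (src / "notes" / "readme.txt").write_text("constructed sample file\n")
    backups = root / "backups"
    backups.mkdir()
    # Three weekly full backups (the page recommends at least one full backup per week).
    start = datetime(2024, 1, 1, 1, 0, 0)
    gens = [make_backup(src, backups, start + timedelta(weeks=i)) for i in range(3)]
    clean = verify_backup(gens[-1])
    # Simulate silent corruption of the newest copy and verify again.
    (gens[-1] / "data" / "ledger.csv").write_text("id,amount\n1,999\n")
    corrupted = verify_backup(gens[-1])
    removed = prune_backups(backups, keep=2)
    remaining = sorted(p.name for p in backups.iterdir())
    shutil.rmtree(root)
    return {"clean": clean, "corrupted": corrupted, "removed": removed, "remaining": remaining}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keeping two or more generations means the corrupted newest copy can be discarded and the previous week’s verified copy restored instead, which is the “point in time not affected by corruption” the text refers to.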
The recommendation for strong, unique passwords is in place for several reasons - the first being that every day malicious cyber threat actors compromise websites and online accounts, and post lists of usernames, email addresses, and passwords online. This exposes people’s passwords, and worse yet, they are exposed with information that uniquely identifies the user, such as an email address.
User identification coupled with a reusable password is the most common form of system identification and authorization mechanisms. A password is a protected string of characters that is used to authenticate an individual. Authentication factors are based on what a person knows, has, or is. A password is something the user knows.
Passwords are one of the most often used authentication mechanisms employed today. It is important to ensure that the passwords are strong and properly managed.
To most users, security is usually not the most important or interesting part of using their computers, except when someone hacks into their computer and steals confidential information. Then security is all the rage.
This is where password policies step in. If passwords are properly generated, updated, and kept secret, they can provide effective security. Password generators can be used to create passwords for users. If a password generator is going to be used, the tools should create uncomplicated, pronounceable, nondictionary words to help users remember them so they aren’t tempted to write them down.
If the users can choose their own passwords, the operating system should enforce certain password requirements.
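What “enforcing certain password requirements” can look like, together with storing the chosen password as a protected (salted, iterated) hash rather than in the clear, as an added example that is not part of the original page. The minimum length, the character-class rule, the small breached-password list and the dictionary are constructed assumptions for the example; a real deployment would check against a large breach corpus.

```python
"""Added example: a password policy check and salted PBKDF2 storage/verification."""
import hashlib
import hmac
import os

MIN_LENGTH = 12
# Constructed lists standing in for a published breach corpus and a word list.
BREACHED = {"password123", "qwerty123456", "letmein12345"}
DICTIONARY = {"password", "welcome", "summer", "dragon"}


def check_password(password, username):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    lower = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lower in BREACHED:
        problems.append("appears in a published breach list")
    if username.lower() in lower:
        problems.append("contains the username")
    # Reject a plain dictionary word, with or without digits appended.
    if lower.rstrip("0123456789") in DICTIONARY:
        problems.append("is a dictionary word with digits appended")
    classes = sum(any(test(c) for c in password)
                  for test in (str.islower, str.isupper, str.isdigit))
    classes += any(not c.isalnum() for c in password)
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


def hash_password(password, iterations=600_000):
    """Store as algorithm$iterations$salt$digest so the parameters travel with the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ("Password123", "alice-Summer-2024!", "xK9#vL2$pQ7&mW4z"):
        print(candidate, "->", check_password(candidate, "alice") or "OK")
```

The breach-list check is the practical answer to the leaked credential lists described earlier: a password that already appears in one offers no protection regardless of how complex it looks.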
Your passwords are the most common way to prove your identity when using websites, email accounts and your computer itself (via User Accounts).
The use of strong passwords is therefore essential in order to protect your security and identity. The best security in the world is useless if a malicious person has a legitimate user name and password.
Passwords are commonly used in conjunction with your username. However, on secure sites they may also be used alongside other methods of identification such as a separate PIN and/or memorable information. In some cases, you will also be asked to enter only certain characters of your password, for additional security.
People impersonating you to commit fraud and other crimes, including but not limited to:
There are a number of password vaults (also known as password safes) available for your use, some paid for and some free of charge. These let you store all of your passwords in one easy-to-access location so that you do not need to remember them all or write them down; you only need to remember one set of login details.
You should read reviews or get personal recommendations before entering your passwords into a password vault. Whichever you choose, our recommendation is that it features two-factor authentication (2FA) - in other words, it sends a code to your mobile phone or other device, which you need to enter into the password vault in order to gain access, much like when you confirm an online bank payment.
For additional security, we recommend that you encrypt passwords in some way prior to entering them into the vault, although we realise that for the average user, this is not always practical.
Everybody who uses a computer should be assigned their own user account so that only they can access their files and programs. Each user account should be accessible only by entering a username and password in order to safeguard users’ privacy. Other user account features can also be set up in user accounts – including parental controls.
Do not use an account with administrator privileges for everyday use, as malware could assume administrator rights. Even if you are the only user, set up an administrator account to use when you need to carry out tasks such as installing programs or changing the system configuration, and another ‘standard user’ account as your regular account. If you are not logged in as administrator, you will be prompted to enter an administrator password when you install a new device driver or program. You can manage user accounts in Windows Control Panel.
It is vital to understand that you are not safe right out of the box. A freshly installed operating system carries the full set of potential flaws and backdoors that attackers can exploit. These vulnerabilities can arise in multiple ways, including:
These experts have extensive resources to provide you with industry-accepted standards for all your security needs.
A baseline is a method of measuring changes in networking, hardware, software and so on. Baselines are created by selecting something to measure and measuring it consistently over a period of time. Once you have established a baseline, re-measure it on a schedule that meets your security maintenance standards and your clients’ needs.
There is no single action that ensures protection, especially from zero-day attacks, but applying service packs is an easy and effective step to take.
Every program installed on a device is a potential entry point for a bad actor, so clean these up regularly. If a program has not been approved or vetted by the company, it should not be allowed. Attackers look for security holes when attempting to compromise networks, so this is your chance to minimize their opportunities.
User error can lead to a successful cyberattack. One way to prevent this is to define which groups have access and stick to those rules. Update user policies and make sure all users are aware of and compliant with these procedures.
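The baseline, unapproved-software and group-membership points above combined into one drift check, as an added example that is not part of the original page or of the linked checklists. The baseline, the later snapshot and the approved-software list are constructed dictionaries standing in for what a real inventory collector (package manager, netstat, group listing) would gather.

```python
"""Added example: comparing a host's current inventory against an approved baseline."""

# Constructed approved baseline for one server role (not real host data).
BASELINE = {
    "packages": {"openssh-server": "9.2p1", "nginx": "1.22.1", "curl": "7.88.1"},
    "listening_ports": {22: "sshd", 443: "nginx"},
    "admin_users": {"root", "ops"},
}

# Constructed snapshot taken from the same host some time later.
CURRENT = {
    "packages": {"openssh-server": "9.2p1", "nginx": "1.24.0", "curl": "7.88.1", "telnetd": "0.17"},
    "listening_ports": {22: "sshd", 443: "nginx", 23: "telnetd"},
    "admin_users": {"root", "ops", "jdoe"},
}

# Constructed allowlist of software the company has vetted for this role.
APPROVED_SOFTWARE = {"openssh-server", "nginx", "curl"}


def diff_mapping(base, cur):
    """Keys added, removed, or whose value changed between two mappings."""
    return {
        "added": sorted(k for k in cur if k not in base),
        "removed": sorted(k for k in base if k not in cur),
        "changed": sorted(k for k in cur if k in base and cur[k] != base[k]),
    }


def compare_to_baseline(baseline, current):
    """Return only the sections that drifted, so an empty dict means 'matches baseline'."""
    findings = {}
    for section in ("packages", "listening_ports"):
        d = diff_mapping(baseline[section], current[section])
        if any(d.values()):
            findings[section] = d
    # New administrators are the interesting case; removals are reported too for completeness.
    added = sorted(current["admin_users"] - baseline["admin_users"])
    removed = sorted(baseline["admin_users"] - current["admin_users"])
    if added or removed:
        findings["admin_users"] = {"added": added, "removed": removed}
    return findings


def unapproved_software(current, approved):
    """Installed packages that are not on the vetted list."""
    return sorted(p for p in current["packages"] if p not in approved)


if __name__ == "__main__":
    print("drift:", compare_to_baseline(BASELINE, CURRENT))
    print("unapproved:", unapproved_software(CURRENT, APPROVED_SOFTWARE))
```

A version change such as nginx moving from 1.22.1 to 1.24.0 is reported as drift rather than as a problem; the point of the baseline is that every difference is seen and then either approved (the baseline is updated) or reverted.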
For Windows: https://security.utexas.edu/os-hardening-checklist/windows-r2
For Linux: https://security.utexas.edu/os-hardening-checklist/linux-7
The less hardware and software running on the computer, the less money you will have to spend in the future on updates and on removing malware. Hardening also frees up space on the computer, which means you do not have to buy more memory.
It is fair to say that an organization’s data is its most important asset. Therefore, protecting the data against intentional and accidental leakage is of utmost importance. This is emphasized by the continuous growth of data leakages happening around the world. According to the Verizon data breach report 2020, 86% of the reported breaches were financially motivated. Data Loss Prevention (DLP) can be defined as a company’s strategy for making sure that sensitive or critical information is prevented from leaking outside the company perimeter.
An organization’s DLP strategy may consist of a combination of processes and tools used to detect and block data leakage scenarios. DLP tools used in the industry are capable of classifying data according to its importance and identifying any violation of a pre-defined policy attached to classified data. Such policies are traditionally driven by regulatory requirements such as GDPR, HIPAA and PCI-DSS. However, it is important to recognize the attributes of DLP tools with respect to their business importance as well.
In addition to regulatory compliance, every organization is naturally concerned about the reputation loss, liabilities, fines and revenue loss associated with data leakages. Serious data breaches can cause havoc in an organization’s structure and result in a complete collapse of its functionality. Therefore, the importance of DLP cannot be overstated.
While companies are continuously monitoring for external threat actors initiating data breaches, recent incidents indicate the biggest threat for data exposure can arise from within the organization perimeter itself. Your company may already have a security plan for protecting data from external intruders. However, if you have not considered accidental or intentional sensitive data exposure by internal actors, that indicates a serious gap in your security policy. This is when DLP solutions can come to the rescue. If your data and network infrastructure is complex and you are not sure when and where your sensitive data is being stored, sent and accessed, DLP solutions can provide a birds-eye view. With a detailed picture of sensitive data, your company can introduce correct policies and checkpoints which can prevent the above-mentioned negative outcomes.
DLP solutions also come with reporting capabilities that can play an instrumental role in compliance audits. For an organization handling intellectual property and trade secrets, confidentiality is of utmost importance, and in such scenarios a DLP solution can be an effective safeguard that proves vital to the organization’s existence. Gartner predicted that enterprise DLP solutions would occupy an estimated $2.64 billion market share in 2020. Advanced enterprise DLP solutions are increasing their capabilities at a rapid rate. A few newly introduced capabilities include real-time data classification for data at rest and data in motion, automatic policy enforcement, optical character recognition (OCR), source code protection, and content matching for audio, video and executables.
There are a variety of DLP solutions available for all types of businesses. A few of the prominent enterprise DLP vendors include Broadcom (Symantec), Forcepoint, McAfee, GTB Technologies, CoSoSys and Digital Guardian.
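The two DLP building blocks described above, classifying content by the sensitive data it contains and applying a policy to that classification, as an added example that is not part of the original page or of any vendor’s product. The two data types detected (payment card numbers validated with the Luhn check, and email addresses), the policy table and the sample messages are constructed assumptions; real products cover many more data types and channels.

```python
"""Added example: content classification and policy decision for outbound messages."""
import re

# 13 to 16 digits, optionally separated by spaces or hyphens; candidates are then Luhn-checked.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# Constructed policy: action per data type and destination. 'external' means the
# message leaves the company perimeter; 'internal' stays inside it.
POLICY = {
    "payment_card": {"external": "block", "internal": "alert"},
    "email_address": {"external": "alert", "internal": "allow"},
}
SEVERITY = {"allow": 0, "alert": 1, "block": 2}


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return (data_type, redacted_value) findings for the sensitive data in text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Never echo the full number into an alert; keep the last four digits only.
            findings.append(("payment_card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in EMAIL_RE.finditer(text):
        findings.append(("email_address", m.group()))
    return findings


def decide(text, destination):
    """Apply POLICY to the findings; the most severe action among them wins."""
    findings = classify(text)
    action = "allow"
    for kind, _ in findings:
        candidate = POLICY[kind][destination]
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return action, findings


# Constructed sample messages (the card number is the well-known test value 4111...).
SAMPLES = [
    ("Please charge card 4111 1111 1111 1111 for the order", "external"),
    ("Contact bob@example.com about invoice 1234 5678 9012 3456", "external"),
    ("Weekly status: all green", "external"),
]

if __name__ == "__main__":
    for text, dest in SAMPLES:
        print(dest, decide(text, dest))
```

The invoice number in the second sample looks like a card number but fails the Luhn check, so it produces no finding; that kind of validation is what keeps a DLP rule from generating noise on every sixteen-digit reference number.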