From conducting a top-to-bottom IT security audit to ensuring your computing infrastructure and software are completely updated and patched, there are plenty of important tasks related to cybersecurity strategy for IT pros to check off as 2018 approaches.
To help enterprises get a fresh start on the New Year, ITPro asked several IT analysts to share their top ideas for 2018 security resolutions which IT pros can follow as part of a broader cybersecurity strategy to help keep their business systems running smoothly.
To start, the New Year is a good time to check to ensure that all your company’s endpoints – from laptops to desktops to switches and everything in-between – are secured where they connect with your secure company networks, says Dan Olds, principal analyst at Gabriel Consulting Group.
“This is also a good time to check the security profiles for everyone on your network,” and make sure that everyone is obeying policies when using their devices, he says. “By this I mean making sure that every employee has just the right amount of access to data needed to do their jobs – and no more.” By conducting such checks, you’ll likely uncover many potential threats, such as contractors and ex-employees who might still have accounts on your systems, he adds.
Another important resolution that’s often forgotten is to be sure all your hardware and software are given the latest security updates and patches to protect your users and IT systems, says Olds. “The biggest threat vector today is unpatched systems. Get everything brought up to date to face the New Year behind a reinforced wall of security.”
“You could even put your IT systems to the acid test by hiring hackers to actually try to penetrate your systems from outside your firewall,” says Olds. “This isn’t an exercise for the faint of heart, but it will pay dividends.”
Sean Pike, a security analyst with IDC, recommends tightening your cybersecurity strategy and ensuring cloud security by taking steps to harmonize your company’s tools for managing on-premise and cloud-based infrastructure.
“Once upon a time, traditional, on-premise security providers generally failed to innovate toward the cloud as rapidly as perhaps they should have,” says Pike. “As a result, many organizations ended up treating cloud and on-premise infrastructure differently,” which meant learning and maintaining separate security tools for two different environments.
To simplify such issues and better manage your company’s clouds, IT pros should work in 2018 to integrate their hybrid or multi-cloud security using a single tool, he says.
“A great example of this are cloud security gateways (CSG) in which security vendors have spent a great deal of time adding functionality over the last two years,” says Pike. “The CSG is the central control point for hybrid cloud environments for a number of large security vendor incumbents.”
Another important resolution to prepare for is the upcoming General Data Protection Regulation (GDPR), which will take effect in the European Union on May 25, 2018, says Pike.
The GDPR replaces earlier data privacy laws and applies to all companies processing and holding the personal data of EU residents, regardless of where a company is located, including businesses outside the EU that offer goods or services to EU residents. Penalties for non-compliance with the GDPR are costly – up to four percent of a company’s global revenue or $22.7 million for violations, such as not having sufficient customer consent to process their data and not notifying the supervising authority and users about a data breach within 72 hours.
“Security pros will be scrambling to meet GDPR as the May deadline edges closer,” he says, and once 2018 arrives it will be time to act. “Unfortunately, many businesses will just be kicking off their efforts so it’s a good idea to start by identifying business processes and establishing how data flows throughout each process.”
Since there will be so much to do if you haven’t yet gotten started, “it’s important to first understand how business processes actually work and what kind of data is out there,” says Pike. “Otherwise, you run the risk of overwhelming staff with too many instances of potentially sensitive data to chase. I always like to start with the process where possible.”
IT pros should also spend more time with network access control (NAC) in 2018, he says, as they continue to connect new kinds of devices and sensors to the Internet of Things as part of their corporate infrastructure.
“IDC sees NAC as a necessary first line of defense as businesses expand to allow unknown, unmanaged, or unintelligent devices access to network resources,” says Pike. “NAC’s core discovery functionality can help businesses identify and inventory devices that connect,” and can control access to network resources by acting as a gatekeeper and disallowing devices that do not meet a preset corporate profile.
Another analyst, Charles King of Pund-IT, suggests trying a new tack in 2018 by making “best-case scenario” projections for security, rather than the typical worst-case scenario planning that seeks to plan for disasters that can occur. Instead of overwhelming IT staffers and other employees with worst-case planning, “imagine what your organization would need to make it through 2018 without any security breaches or problems, then consider what it would take to achieve that state,” says King.
“Maybe you’ll find that it’s virtually impossible due to factors like fundamental disconnects between the security solutions you use and the systems they’re meant to protect,” he says. “Maybe your company has employees or executives who can’t be bothered with security procedures they’re asked to follow. But each of those discoveries will identify incremental action items that you and your co-workers can work to correct” in the New Year.
Not every security resolution for 2018 must be huge, though, says Andras Cser, an analyst at Forrester Research.
“Change passwords every 90 days and enforce them to be at least 10 characters in length,” says Cser. In addition, “implement at least the option for two-factor authentication for employees and customers on your websites,” while taking detailed steps to revise and fortify your enterprise’s incident security responses to better protect the company.
Ensuring that your IT security starts strong in 2018 and continues throughout the year is a great goal to have for every enterprise. Using these expert IT security resolutions and tips can help you accomplish those tasks.
The post Cybersecurity #Strategy: Top #Security #Resolutions for 2018 appeared first on National Cyber Security Ventures.
With less than two weeks left on the 2017 calendar, I’ve started to think about life after the holidays and what personal resolve I will need to accomplish some of my goals for next year.
For me, this entails a lot of dedication and discipline as I train for a spring marathon. But I know that’s not for everyone, and in order for our resolutions to be successful, they need to be reasonable and achievable. And while I put a lot of focus on running, I also wholeheartedly believe there are certain things in all our lives that can be changed for the better without a whole lot of effort.
Take cybersecurity for example. Even the biggest technophobes among us can up their game with some reasonable resolutions that will make things like using your credit card or shopping online safer and more secure.
There are some terrific websites out there that offer good advice and information about online safety, like “Stop. Think. Connect” for example. But before you hop over to that site, check out my seven cybersecurity resolutions for everyone to consider adding to their own lists:
1. I Will Be Security-Aware
Being security-aware means that you understand that there are people out there who will deliberately (or even by accident) steal or misuse your personal information. Awareness is the first step. Next comes education and diligence around cybersecurity.
Here’s an easy step: sign up for text and email alerts to get informed about important activity on your bank and credit card accounts. If you’ve misplaced your wallet, you can easily shut off your cards on your accounts’ apps. (I can say from personal experience doing this can give you peace of mind until you finally find your wallet under the driver’s seat of your car.)
2. I Will Stop at the Autofilling Station for Online Shoppers
Online shopping will get a little safer and easier with the latest Android platform “Oreo” due to its expanded autofill framework. For example, Oreo will allow you to recognize credit card forms and addresses, and if you’ve got that information stored in your LastPass vault, we’ll safely fill that up for you.
3. I Will Only Visit Secure, Trustworthy Websites
You don’t need to be a security expert to know if you are on a safe, legitimate website. Simply check the URL to confirm there’s an “s” after “http” at the beginning (like this post’s URL).
By the way, that “s” stands for “secure”. When you’re on your local Starbucks’ or any airport’s Wi-Fi network, you aren’t on a secure connection so reconsider shopping on Amazon Prime until you get home.
4. I Will Treat My Passwords with Kindness and Let Them Thrive
Treat your passwords like you treat your child. They all thrive with discipline, structure and love. For starters, stop leaving your passwords defenseless against cybercriminals because you’ve made them simple and easy to guess, or over-exposed through reuse on multiple websites. Break the cycle with a simple password management tool that will generate strong and unique passwords for every account, change them as often as you like (or as it advises), and keep them locked up tight.
5. I Will Keep My Devices and Applications Updated
When Apple, Microsoft or Google strongly encourage you to apply the latest mobile or laptop operating system update (e.g. Apple iOS, Windows) because of a security vulnerability, they aren’t kidding around. Update it. Or just set it to happen when you’re sleeping.
The inconvenience of managing your software updates is significantly dwarfed by the ever so inconvenient identity theft. Check the settings on your laptops, tablets, and smartphones to manage automatic updates to apps, software, and operating systems. Don’t forget your browsers while you’re at it. They’re a gateway to everything important on your machine. And don’t drag your heels like the folks at Equifax. Earlier this year they neglected to patch a known vulnerability which led to a massive breach of personal data belonging to 146 million people.
6. I Will Not Overshare on Social Media
I was on a popular social site the other day to check out my niece’s new profile. I sent her a link to a photo of her house on Google Earth and noted that anyone could do the same because her home address was public. (I’m subtle like that.)
Check your settings on Facebook, LinkedIn and any other social media site you use. Make sure your personal email address, phone numbers, addresses, and birthdate are only visible to you. (And maybe keep ‘em locked up in a password vault while you’re at it.) All cybercriminals need is a few bits of information about you to put together the rest of the puzzle.
7. I Will Stay Motivated to Meet My Resolutions
Be realistic when setting any of your goals. They should be attainable, not out of reach. Give yourself a reasonable timeline to meet your resolutions, and celebrate milestones along the way. If you don’t lose those 10 pounds by the end of January, fend off the shame and guilt, and keep at it.
So let those passwords of yours thrive. They’re fat-free.
The post 7 New Year’s #Cybersecurity #Resolutions for #Everyone appeared first on National Cyber Security Ventures.