Read ThreatAdvice's Jason Asbury's Thoughts on Digital Security in the Media Planet Piece Featured in USA Today
We’ve teamed up with Mediaplanet on its Digital Security campaign. There are billions of devices online that contain our most sensitive data. We must protected these access points from threat actors who wish to do us harm. Learn how by checking out the campaign in USA Today and online here
. Robert Herjavec, Frank Abagnale, and more have to say about what you need to be doing to ensure your digital security in today's challenging environment and read ThreatAdvice's Jason Asbury's thoughts below...
Here's what ThreatAdvice's Jason Asbury had to say about How to Avoid Phishing in an Ever Expanding Sea...What are common mistakes you see when it comes to digital security in business?
Most often, mistakes are tied to the administrative components of the security program, as the very best technology isn’t effective if it isn’t implemented correctly or properly managed. Lack of strong third-party vendor agreements holding vendors accountable for security matters is very common. Finally, the lack of having a remedial security training program in place occurs far too often.
What are best practices for employee education when it comes to phishing?
It is very important to regularly phish all employees to keep their awareness level high. Phishing employees is most effective when it is followed up with comprehensive training that teaches the employees how to identify and avoid risk. Additionally, it’s very important to test employees after they’ve taken courses in order to gauge comprehension.
If your company falls victim to phishing, what are the critical first actions to take?
It is critical to notify your IT department as soon as a compromise is suspected. It is also critical to shut down network access to suspected devices. User account passwords should be changed and, even though they already should be protected, system backups should be ensured for integrity. Most attacks can be minimized if swift action is taken to limit the spread of infections.
Beyond employee education, how can employers minimize risk?
Risk is best mitigated when multiple layers of protection are applied, as this helps to ensure attacks don’t spread easily throughout an organization. Consider protections like multi-factor authentication; endpoint management software to ensure patches and controls can be applied quickly across the organization; network segmentation to prevent the fast and easy spread of malicious content; and strong security and incident event monitoring software.
How do you recommend business owners secure information on multi-cloud platforms?
Multi-cloud platforms have one common denominator and that is the devices that access them. It is essential to secure and protect computers, tablets, and mobile devices that have access to multiple platforms. Multi-factor authentication controls paired with strong passwords are a must for securing cloud platforms. It is also very important for businesses to thoroughly review and test cloud providers to ensure strong controls are applied.
How has multi-factor authentication modernized digital security?
Multi-factor authentication has been around for a long time and it is easier than ever to implement because now employees can carry their tokens in the form of their phones. Of course there are other applications, such as fingerprint and retina scans. One area of authentication that is often overlooked is access to systems from within an organization’s network, as multi-factor authentication is often not applied internally. Accordingly, we see more attacks that are successfully implemented and propagated from within.
September 13, 2019