As we move into the end of summer and transition to a new season, we may need to refocus and get back to business. This is often easier said than done, and cyber threats tend to match the trends of the work and school environment. So, as we transition out of vacation mode (you know, that laid-back summer mindset), we need to make sure we are aligning our cybersecurity posture with that same shift in mentality.
September has become known as “National Security Insider Threat Awareness Month,” so dubbed by government associations like the Department of Homeland Security and the National Counterintelligence and Security Center. It is meant to emphasize proactive protection against insider threats, particularly during this transitional time of year.
The National Counterintelligence and Security Center Director addresses the unique risks associated with the current environment during the COVID-19 pandemic and, in turn, notes that 2020’s awareness month focuses on “resilience.”
At RCS, we understand the importance of resilience in cybersecurity and that it is crucial to helping individuals stay out of harm’s way, bounce back from a possible threat, and develop the behaviors, thoughts, and actions that promote personal well-being and mental health. This is especially important in a time like today, and insider threat programs can promote personal and organizational resilience to help mitigate risks.
So what does all of this really mean for your business and how can you follow best practices to increase “resilience” in your company in order to mitigate risks?
- Include warning banners for all emails external to the organization.
- Maintain up-to-date antivirus signatures and engines.
- Ensure systems have the latest security updates.
- Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users' permissions to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
- Enforce a strong password policy.
- Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known.
- Enable a personal firewall on agency workstations that is configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious email attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
- Monitor users' web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
- Scan all software downloaded from the internet prior to executing.
- Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
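The "true file type" check from the list above (the extension matches the file header) can be sketched as follows. This is an added example, not RCS's own tooling: the signature table is a small subset of well-known magic bytes, and the function names and sample attachments are constructed for illustration.

```python
"""Compare an attachment's claimed extension with its leading magic bytes."""
import os

# (leading bytes, detected type): a small subset of well-known signatures.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"), (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),                         # also docx/xlsx/pptx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
]
# Extension -> header type that extension should carry.
EXPECTED = {
    ".pdf": "pdf", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
    ".zip": "zip", ".docx": "zip", ".xlsx": "zip", ".pptx": "zip",
    ".doc": "ole2", ".xls": "ole2", ".exe": "pe-executable", ".dll": "pe-executable",
}

def detect_type(data):
    """Return the type named by the file header, or None if unrecognised."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None

def check_attachment(filename, data):
    """Return (verdict, detected); verdict is 'match', 'mismatch' or 'unknown'."""
    # Trailing dots/spaces are dropped by Windows, so ignore them here too.
    ext = os.path.splitext(filename.lower().rstrip(". "))[1]
    expected, detected = EXPECTED.get(ext), detect_type(data)
    if expected is None and detected is None:
        return "unknown", None          # nothing to compare: leave to other scanners
    return ("match" if expected == detected else "mismatch"), detected

def scan(attachments):
    """Check every (filename, bytes) pair; return (filename, verdict, detected)."""
    return [(name, *check_attachment(name, data)) for name, data in attachments]

# Constructed sample attachments (headers only, not real files).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),   # executable header, .pdf name
    ("budget.xlsx", b"PK\x03\x04\x14\x00"),
    ("photo.jpg", b"GIF89a\x01\x00"),
    ("notes.csv", b"name,amount\n"),
]

if __name__ == "__main__":
    for name, verdict, detected in scan(SAMPLES):
        print(f"{name:12} {verdict:9} header={detected}")
```

A mail gateway would quarantine or strip anything reported as `mismatch` and pass `unknown` files on to the antivirus scan.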
These are just a few of the methods we recommend you use to keep your defenses up and stay safe in the era of back-to-school.
If you have any additional questions regarding cybersecurity and how to keep your business safe from an attack, please contact us at firstname.lastname@example.org