When it comes to security, there are four things that can have a huge impact on your cyber security posture. The benefit of living and breathing technology and information security over over the course of the years is that you recognize the similarities and patterns across a variety of environments.
I’ve worked with large enterprises, small businesses, public institutions, non-profits, associations and individuals to navigate technology, enhance their security and protect privacy.
These types of organizations may be quite different in size, business models, capabilities and missions, but they also have a lot in common. They all have a vested interest in information security and privacy (although their perspectives may be different) and they face many of the same challenges. This applies to families and individuals (that’s you!) as well. In fact, if I were ask for the top five security challenges faced by most organizations, I bet that they’d have four of five in common.
Whether you are a blogger, small-business owner, local government official, non-profit director, or enterprise IT executive, focusing on these four areas can have a huge impact on your security posture and your ability to protect what matters.
PHISHING – Phishing is something that we are all too familiar with. Our inboxes are overflowing with social engineering attacks. For the bad guys, it’s the most effective way to perpetrate their crime. Whether the goal of the attacker is business email compromise or someone just trying to gain access to your Netflix account, the motivations may differ but the risks are the same. Defending against phishing through awareness, knowing how to spot a phish, and what to do about it will stop the threat before the damage can be done. Don’t underestimate phishing, it exists because it works.
ACCESS – In order for a threat to become reality, the bad actor needs access. A way into the bank vault. Access to your account. A backdoor left unlocked. By limiting access we can protect our assets and ensure that the confidentiality of our information remains intact. Simple steps to better access management include using multi-factor authentication, not sharing passwords, using a password manager, and shutting down old accounts that are no longer needed will effectively lock the doors and shut off the threat. Businesses should manage access thoughtfully and conduct regular access reviews. Revoke or remove access where it’s no longer needed and only grant the minimum level of access required. This applies to our device and app settings as well… e.g. Does your weather app really need access to your device’s camera?
IDENTITY – Identity is closely related to access but instead of the what, we are concerned with the WHO. Who do you trust? Who is the sender of that email? Who is logged into my account? Is a bad actor impersonating someone you trust? Protecting identity can go a long way to boost your defenses. On an individual level we know that identity theft is bad with a capital B. How you manage and protect identity in your organization or business is just as important. Do you know who’s watching your Netflix account? Do you know who’s poking around in your customer database? Organizations of all types need to protect the personal information and identity of their employees. You probably have more to protect than you think.
NEGLECT – I knew what the last area of focus would be but I struggled to come up with a representation for the N in my mnemonic device. Was it Not patching your software? Never updating your devices? Negative outcomes from mis-configured systems? I settled on Neglect which I think accurately sums it up. If we neglect the technology that we use, fail to fix vulnerabilities, and ignore best practices we expose our weaknesses and increase the risk that our vulnerabilities will be exploited. Avoid configuration mistakes and keep your systems up to date with security patches to close those holes.
FOCUS ON YOUR PAIN POINTS
Phishing, Access, Identity, Neglect
So there you have it. There are dozens of areas where we could focus our information security energy, but it’s these four that carry the greatest risk and, if given the appropriate attention, will have the greatest impact on defending your organization or business. You’ll cover 80% of the threats and reduce your risk accordingly. Leave the other 20% for after these four areas have been mastered.
Focus on your PAIN points and you’ll be the cyber hero that we need today.
That’s #simplesecurity
Length of text is just right! Gotta look into my app settings now🤦♀️. Thank you for the information!