You’ve set up multifactor authentication and antivirus, enabled backups, secured physical devices and your WiFi, and you’ve spent hours configuring your firewall. But with all those measures, it’s easy to forget about what could either be your greatest asset, or your greatest weakness. What about the human firewall?

According to the Verizon 2021 Data Breach Investigations Report, 85% of breaches in 2021 involved a human element. Phishing was present in 36% of breaches, which is up from 25% in the previous year. With many employees still working from home and organizational resources accessible remotely, organizations must respond to the threat of social engineering and spend time reinforcing their “human firewall,” as they would their physical firewall.

The employees in your organization can function as a crucial line of defense in the event of a breach, but only if they’re trained to recognize and respond to a social engineering attack. A social engineering attack can come in a variety of ways. It could be a phishing email designed to capture credentials or private information. It could be a phone call from a hacker pretending to be IT. It could even be in-person, such as an attacker walking into the office and convincing the front desk they are there to do work in your server room.

At a minimum, organizations should conduct yearly training on a variety of security awareness topics, with an emphasis on social engineering. The Center for Internet Security (CIS) provides important training topics in section 14 of version 8 of their Critical Security Controls. These controls outline best practices for annual security awareness training, with topics including:

- Recognizing social engineering attacks, such as phishing, pre-texting, and tailgating.
- Authentication best practices, such as MFA, password composition, and credential management.
- Identifying and properly storing, transferring, archiving, and destroying sensitive data.
- Causes for unintentional data exposure, such as the mis-delivery of sensitive data, losing a portable end-user device, or publishing data to unintended audiences.
- Recognizing a potential incident and being able to report such an incident.
- Verifying and reporting out-of-date software patches or any failures in automated processes and tools.