Cyber Security Tips to Combat Cyber Crime | Part 2
Not the majority of the cyber threats are so evidently dangerous and because of this numerous associations don’t see smoke by any stretch of the imagination. In this manner they expect that all is well and nothing is in danger. However, the reality is that a hacker or cyber criminal is already on the network, waiting, watching, stealing data, and committing financial fraud; typically using the credentials and accounts of a trusted insider. This is on the grounds that hackers and cyber criminals for whom the thought process is monetarily roused or insight centered, the way to their hacking exercises is to stay covered up, to remain undetected and shroud any follow or impression of their exercises. These kinds of hacking procedures make it troublesome for associations to perceive and battle cyber crime. They are difficult to detect because everything appears to be working normally. Some cyber security tips
- Use solid passwords and keep privileged accounts protected
When choosing a password make it a strong password, unique to that account, and change it often. The normal age of a social password today is years, and social media does not do a great job alerting you on how old your password is, how weak it is, and when it is a good time to change it. It is your responsibility to protect your account so, protect it wisely. If you have many accounts and passwords, use an enterprise password and privileged account vault to make it easier to manage and secure. Never use the same password multiple times.
If your company is giving employees local administrator accounts or privileged access then this seriously weakens the organization’s cyber security tips. This can mean the difference between a single system and user account being compromised and the entire organization’s computer systems. In all Advanced Persistent Threats, the use of privileged accounts has been the difference between a simple perimeter breach and a major data loss, malicious activity, financial fraud, or worst case scenario: ransomware.
Organizations should quickly ensure they continuously audit and discover privileged accounts and applications that require privileged access, remove administrator rights where they are not required and adopt two-factor authentication to mitigate user accounts from easily being compromised.
- Do not allow users to install or execute unapproved or untrusted applications – stop malware and ransomware at the endpoint
Another major risk that organizations run—as a result of providing users with privileged access—is that the user has the ability to install and execute applications as they wish, no matter where or how they obtained the installation executable. This can pose a major risk allowing ransomware or malware to infect and propagate into the organization. It also allows the attacker to install tools enabling them to easily return whenever they wish. When a user with a privileged account is reading emails, opening documents, browsing the Internet and clicking on numerous links, or when they simply plug a USB device into the system, they can unknowingly install infectious or malicious tools. This enables an attacker to quickly gain access and begin the attack from within the perimeter, or in the worst case scenario, encrypt the system and sensitive data—then request a financial payment in return to unlock them.
Organizations must implement security controls that prevent any application or tool from being installed onto the system by using Application Whitelisting, Blacklisting, Dynamic Listing, Real-Time Privilege Elevation, and Application Reputation and Intelligence. This is one of the most effective ways to prevent being the next victim of cyber crime.
- Be deceptive and unpredictable
It’s crucial to be deceptive, be unpredictable. Most organizations look to automation to help assist in their cyber security defenses, but in many cases this lends itself to predictability: scans are run at the same time every week; patches take place once per month, assessments once per quarter or per year.
Companies that are predictable are vulnerable, so should establish a mindset in which systems are updated and assessed on an ad-hoc basis. Randomize your activity. This will increase your capacity to detect active cyber attacks and breaches.
These best practices and cyber security tips will help companies reduce the dwell time of cyber breaches as it makes it difficult for hackers and cyber criminals to remain hidden and increases the likeness of detecting active cyber attacks. It also raises awareness in the organization, and engages employees in becoming an important role in detecting suspicious activities.