It may sound ridiculous, especially in today’s climate, but many organizations we speak to are not regularly measuring their cyber-security preparedness. If you don’t measure, how can you know for sure if you’re doing your utmost to prevent disastrous data breaches? A lack of historic cyber-security incidents is absolutely no guarantee that you are effective in preventing them. In fact, it may just signify that you have been lucky.
If you’re reading this article, then you’ve taken the first step towards better cyber-security. So, where do you go next? Below I have outlined some key metrics you can use regularly for that security peace of mind.
1. How Effective Has Your Training Been?
You may have set up regular cyber-security awareness training (if you haven’t, you definitely should), but how do you know whether it is working? You need to regularly take attendance for these meetings and identify whether there are any weaknesses in your employees. You should also analyze the interaction rate with different types of training (from third-party instructors to video- and game-focused sessions) and see which resonates most with your staff. Doing this will enable you to continually update and improve your training sessions.
2. How Long Does It Take You to Identify a Threat?
Test yourself to see how long it would take you to identify if a critical file containing personally identifiable information (PII) was deleted. If such an action was taken by a rogue administrator, for example, how long would it take you to find out? How long would it take you to find out who has access to that file/folder and who made the change?
If you’re using native auditing to find out the answers to these questions, then the chances are that your response time will not be quick enough. Being reactive in these situations is not a viable security strategy. Use a File Server auditing solution instead, as it will run continuously in the background and do most of the hard work for you. LepideAuditor, for example, can generate reports in real time whenever critical changes take place to data stored in File Servers, providing you with all the necessary information to speed up your investigation and response times.
3. Where Are Your Weaknesses?
Perform regular audits of your cyber-security weaknesses and find out the areas in which you are most vulnerable. You should be able to compile a list of the most likely attack paths you could encounter, the type of attack, the likely time of day and the data you’re storing that is at risk. The goal of running these audits regularly is to build up a benchmark against which to measure your progress. Over time, have you taken steps to reduce the number of threats that you are likely to encounter? If so, then your cyber-security preparedness is improving!
4. Analyze Your Employees
As we now know, employee negligence is one of the leading reasons for data breaches throughout the world. Constant monitoring of your users allows you to determine which ones are security conscious and which ones are not.
Make a list of all those employees who you deem to be potential weak links. This may be people who regularly forget their passwords, click on suspicious-looking links in emails, accidentally delete files or folders and much more. Monitor these people closely and determine whether any patterns can be discerned. Do they belong to a specific department or have a specific job role, for example?
Similarly, you need to identify which of your employees are doing a good job and what makes them different. Which people are taking care with critical files and folders, not abusing their privileges, not sharing passwords and so on? Are there any lessons you can learn from these individuals that can be transferred across the business?
Don’t forget to include any third-party contractors or vendors that have access to critical systems and data, as they can present another route into your systems for attackers.
Adopting a User Monitoring Solution
Some of the points raised in these articles require you to keep a close eye on what your users are doing with your data and in your systems. As mentioned, this will almost certainly require you to implement a change auditing and user monitoring solution. LepideAuditor is easy to install, configure and use, and will provide you with all the necessary information to properly investigate and respond to potential cyber-security threats, including ransomware, insider threats, privilege abuse and more. For more information, as well as a free trial of the solution, click here.