Let’s face it, CISOs have a lot of weight on their shoulders. They are required to design, implement and enforce security policies with little praise for their efforts. Should something go wrong, and the entire system falls to its knees, they are generally expected to accept full responsibly for the incident. The truth is, however, that data security is everybody’s responsibility. Employees must be made aware of this and be willing to accept responsibility for their own actions. In the meantime, CISOs will need to prioritise in order mitigate such incidents. We have devised a basic summary of the most important security issues which we feel CISOs should focus on in order to minimize the chances of a data breach.
The “Principal of Least Privilege”
In simple terms, the Principal of Least Privilege (PoLP) is about ensuring that staff members are granted the least amount of privileges necessary to adequately perform their duties. Let’s not forget, it only takes one privileged account to be compromised to bring the whole system down. CICOs will need a centralized console where they can review current access permissions and permission changes. The goal is to ensure that users only have access to files and folders required to perform their duties, nothing more.
They should also implement an Acceptable Use Policy (AUP) – a set of rules that are used to prevent staff from performing certain actions, such as installing potentially malicious software, using certain social media sites or visiting untrusted websites. They will need to be able to black-list/white-list websites and applications accordingly.
Keep Your Software up-to-date
This is sometimes easier said than done. After all, many CISOs are hesitant to install patches willy-nilly because they can often break other applications and cause disruption. However, it is still very important to keep all software up-to-date as hackers are very keen to exploit any known bugs in commercial software.
Training and Emergency Drills
According to a number of reports, the majority of cyber-attacks are caused by human error. It is therefore crucially important that CISOs orchestrate periodic training sessions to ensure that staff members are able to identify malware, phishing & social engineering attacks. It is also important to carry out simulated attacks to confirm that they are able to identify such threats in practice. In addition to carrying out simulated phishing attacks, it is always a good idea to engage in emergency drills, which include restoring and testing back-ups or switching to the failover systems.
Auditing and Reporting
Don’t leave anything to chance. If you don’t know exactly who is accessing your sensitive data, what data is being accessed, where the data is located, and when the data is being accessed, you’re going to find it very difficult to keep it out of the wrong hands. You should have a solution in place, such as LepideAuditor, which enables you to automatically detect, alert, report and respond to suspicious file and folder activities, unauthorized access to mailboxes, changes in permissions of your critical IT systems and much more. For more information on LepideAuditor, contact us today.