Unfortunately, end-users are often left out of the conversation when looking for ways to bolster security across the enterprise. A lack of training and education often play a big part in leaving end-users exposed to nasty forms of malware that can infiltrate an operating system and wreak havoc over a corporate network.
In fact, a recent study by Trustwave indicates that up to 14.4 incidents of data loss per year can be attributed to employee negligence. Further, 15 percent of enterprises claim to have reported an insider breach with malicious intent. IT managers need to recognize that until all end-users are caught up to speed with basic cybersecurity training, attacks will continue to pose major problems.
With so many cybersecurity factors to pay attention to, where does one begin to assess ways to prevent breaches from occurring? Here is a look at some easy “spring cleaning” tactics that can be deployed by end-users across your enterprise to make sure that cybersecurity remains a top of mind throughout the remainder of 2014.
1. Keep operating systems updated
One of the most important aspects that you users can do to ensure digital safety when sharing information with end-consumers across your enterprise is to remind — or require — that they ensure they’re operating system is updated.
If OS updates aren’t managed by your organization’s IT department, it is strongly advised that end-users enroll in built-in automatic updates so that they are always on top of the latest software. This will prevent third-party criminals from gaining access to private information via security voids that have already been patched.
2. Scan PCs for malware and viruses
Scanning PCs for malware and viruses should be treated like regularly visiting the doctor. If you haven’t done it in awhile, you are probably overdue. It is vital that end-users recognize the constant threat of malicious software and scan regularly to avoid getting hit with an attack.
Entrust’s head of malware research Jason Soroko explains that’s it critical to remain prudent in defending against advanced malware. Each evolution is becoming more resilient than the previous generation.
“Malicious activity is much more difficult to detect than we have been led to believe. By securing the identity, we have the means to defend against the most sophisticated threats,” said Soroko. “Threat intelligence without ensuring identity inherently has limitations because it is a variation on blacklisting, which has proven to be ineffective. The technology pipeline of fraudsters is stacked, becoming more advanced and persistent. Leveraging mobile devices to protect identities is a way to level the playing field.”
In response, enterprises must understand that security — such as strong authentication and mobile-based identities — is no longer a luxury but a must-have in 2014. These threats are real, and they are lurking in cyberspace. For end-users, it is vital to scan regularly, using free software such as Malwarebytes or Microsoft Security Essentials (MSE), which are both capable of detecting and eliminating threats over a network. (As always, use of the aforementioned antivirus software is the responsibility of the reader.)
3. Ensure browsers are up to date
Internet browsers are constantly in need of updates, and running old or out-of-date browsers can pose serious security risks. That’s because old browsers become less stable as they age, and as a result, viruses and various forms of spyware can gain access to a computer when users unknowingly click on malicious links and download malware or other nefarious viruses.
Outdated browsers also run the risk of playing part in a number of different types of man-in-the-middle attacks, in which a third party silently enters a computer and facilitates attacks silently against other machines — or groups of machines. Check to see that browser settings are up to date, and always restart the browser after the updates occur in order to make sure that changes are installed properly.
Find these tips helpful? Make sure to tune in for Part 2 f this three-piece series, which will explore more simple solutions for bolstering online security.