We live in a time of rapid expansion of services and experiences being delivered online to more people, through an environment that is enabled by variety of seamlessly synchronised devices and digital connections. In such times of change, transition and evolution opportunities abound for entrepreneurship, skills development and employment opportunities, but also for the stealthy interception of valuable data.
Considering that humans are one of the greatest vulnerabilities to organisational data and system integrity, Carlo Bolzonello, country leader of Trellix South Africa, offers the following key principles of cybersecurity training that organisations must emphasise to employees, so to ensure the protection of all corporate, as well as personal data.
The past several years have seen a rise in the adoption of communications technology and e-commerce across Africa. This shift offers an opportunity, even for those without bank accounts, to utilise the global Internet to improve their lives.
Even as the African economy grows, lifting millions up to a higher standard of living and bringing new wealth to long-struggling nations, organisations need to protect their data now more than ever.
You, the cybersecurity project manager or even the direct manager, keep your employees up-to-date on their cybersecurity awareness training, here are seven guiding principles to instil, so they become shields against threats, rather than the door that lets them in:
* Secure awareness – Online threats have evolved drastically, but commercially promoted security tools have not, until very recently. Users on any organisational system, whether it is owned or shared (social) must be thoroughly trained, and regularly reminded how their actions have the potential to open an unwanted door into the organisation. Even with the best security tools, a team member who hasn’t been sufficiently trained on IT policies can put the entire organisation at risk – make cybersecurity a culture.
* Secure your access – Multi-factor authentication is a method of securing online accounts through an added layer of verification, be it an email, SMS or a phone call. Similar to getting a second doctor’s opinion or confirming that the child’s school has cancelled classes on Friday. Within the secure organisational network, users must be required to activate their profiles regularly using multi-factor authentication. This can now be managed more effectively using an emerging field of security tools that utilise self-learning technology and automation, rather than a traditional, siloed branded product.
* Secure your environment – All users should stay aware of their environment and remember that not every available Wi-Fi connection is safe for their devices. By having very strong passwords, people can somewhat shield themselves from automated password guessing scripts left in the environment. Furthermore, they need to develop their own systems for protecting their passwords … and send regular reminders to always update their system when asked (to get the most current protection)! For even more resilience, using a VPN creates an encrypted pathway to protect personal data and communications. By taking these relatively simple measures, each user vastly improves the effectiveness of emerging integrated security systems that utilise artificial intelligence will quickly analyse current threats, then automate investigation and response activities.
* Secure your habits – No one is fully immune against the simple, tried and tested social engineering phishing bot, which is still successful in acquiring highly sensitive personal and account access information. People need to stay accustomed to scrutinising every pop-up box, email, and text message, especially those that beg to be clicked right away. Even if it claims to have found a virus on your computer, or the Prince of Denmark offering a once-in-a-lifetime billion-dollar deal, don’t be swayed by emotion. While a link may come from a trusted friend, workers must sure to investigate every unknown link thoroughly. Simply asking their friend or colleague what the link is, or using one of the many freely available website address (URL) scanners. The organisation should provide an easy channel through which to do report any suspicious emails or links, even when in doubt, these can be reviewed by the security team. By leveraging a unified security platform that continuously collects data from multiple proprietary security systems, your trusted users are adding to the creation of an added layer of protection for your organisation and others.
* Secure your tools – Downloading apps has become as much a part of people’s lives as drinking a cup of coffee. The army of creative app developers now supply an app for anything, from fitness to entertainment, personal finance and information. However, while the app stores have made strides in ensuring the safety of their apps, excessive exposure of people’s devices to third party apps opens an unwanted door for a crafty hacker. Each user should make sure to check the integrity of each app before downloading, and check the company policy if they are unsure. Thankfully, modern smart cybersecurity tools make this process much easier and more comprehensive, scrutinising even the newest apps to hit the market.
* Secure your data – While the cloud brings a revolution in personal and organisation data storage, a practice worth cultivating is the regular backup on offline files and information. Clearing and backing up devices of important material is a refreshing exercise on its own, but making this a mandated practice in certain organisations also means each user is offering up much less critical data, should a threat actor choose to target that system.
* Secure your resources – Users should be constantly encouraged to report and record all suspected past, current, and potential future data breaches to track resource usage, offering easy channels dedicated to this purpose. Operating a computer system, whether it’s a mobile phone or an advanced professional system, is a constant game of resource management. Some stealthy hackers leave no trace of their footsteps inside large corporate and government systems, apart from the sudden irregular consumption of storage and power. Keeping an eye on strange usage of the main on-board components is important, as this could be a clue of unwanted visitors. Consolidated security portals will be able to detect this in even more detail, confirming any suspicions you might have of surreptitious resource hijackers.
While threats have continued to evolve, security hasn’t, until now. In a new world of more dynamic and sophisticated threats, siloed and static solutions are simply not equipped to keep organisations protected.
Keeping companies, and the employees they trust, ahead of modern threats will increasingly rely on the power of living security technology. The guiding principle describes an automated process that quickly analyses data, examines alerts and reports on critical factors, as well as removing detected threats and subsequently updates security policies following a breach or a threat.
Extended Detection and Response (XDR), which is proving to be the most effective protection against a wide plethora- of active threats, locally and from abroad. Now, we are only beginning to harness the power of artificial intelligence and machine learning to provide adaptive strength prevention and stay ahead of quickly evolving entities.
Managed by security operations teams, the living XDR ecosystem ensures easier, more comprehensive responses to attempts to breach your system as they take play.