Remember the basics – Be cautious about what you post and who you befriend on social media. A new “friend” may not be a friend at all. He/she may just want to learn more about you and use it for malicious purposes. Use strong passwords. Passwords should be at least six characters long and include a combination of symbols, letters and numbers. We also suggest using passphrases, which are harder to guess, such as “mydogisnameddexter.” Businesses should conduct security awareness training that covers these tips and others so that employees have a better understanding of how to avoid becoming a victim.
Think twice before opening an attachment or link – Criminals often send emails that contain malicious links or attachments. Once the receiver opens the link or attachment, malware is planted on his/her machine. Before clicking on such lures, confirm with the sender that he/she did indeed send it. If you do not know the sender, it’s best not to open it.
Perform frequent penetration testing – Employers should have frequent penetration testing performed on their networks, applications and databases. Penetration testing identifies vulnerabilities within a business’s security so that business leaders can fix the weak spots before it’s too late.
See the threats – Security technology such as Security Information and Event Management (SIEM) collects data from a business’ network, databases and applications, and alerts them in real time to any threats or unusual activity. This kind of technology helps organizations lower their threat detection and reaction times, which greatly reduces their risk and the potential for damage caused by undetected threats.
Don’t forget about mobile – According to the 2013 Trustwave Global Security Report, our security researchers saw a 400 percent increase in mobile malware in 2012. Malware, policy violations, data loss, as well as unsupported and insecure mobile applications, are creating new security risks. Business leaders must add security controls to help protect the data to which mobile devices have access. For example, technology such as Network Access Control enables granular control over network access and continuous monitoring of corporate-sanctioned and BYOD endpoints to help prevent malware and other threats that can harm infrastructure and leave businesses vulnerable to attack and data loss.