In the first of four Cyber Security Awareness Month webcasts, a panel of security experts, including Bob Lord, CISO in Residence at Rapid7, Ed Adams, President and CEO at Security Innovation, Chris Secrest, Information Security Manager at MetaBank, and Josh Feinblum, VP of Information Security at Rapid7, came together to discuss, "How to Make your Workplace Cyber-Safe". They touched upon how to create a security-centric culture, combating common threats targeted at users, characteristics of an effective security awareness program, and best practices for managing passwords and devices. Read on to learn the top 3 takeaways from this webinar:
1. Security should be a reflex – A strong sign that an organization has successfully created a security-centric culture is if secure actions are reflexes for users across the organization. For example – has it become second nature for employees to know how to treat sensitive data, when it’s okay to share information, and how to spot phishing attacks? If employees aren’t sure about something, do they ask security or just click? If users are asking before acting, it’s a pretty good indicator that a security-centric culture has successfully started to spread.
2. It takes 2 Factor Authentication – Every user can be a pathway in. Any given user may not be the most impactful entry point, but they can be the first step to lateral movement within an environment. Be skeptical of all user activity, and use 2-factor authentication to remove risky users from the equation. Don’t let one mistake from a risky user impact your organization. A successful hack is substantially more difficult when 2-factor authentication is in play, and the added difficulty can make the act just challenging enough that the attacker may move on to an easier target.
3. Security is a Team Sport – Teach users at your organization to be more skeptical. Hiring more security professionals isn’t enough to improve security – you need security-smart eyes and ears all over the organization. Plus, you'll benefit from less hostile, more understanding relationships between security and other business units. Build bridges, not walls! Integrate security into your culture, and groups around the organization will start to recognize the need to bring security into projects earlier. Don’t just give users rules to blindly follow – teach them how attackers work and think, and empower users to make decisions when the security team is not around.
To listen to the full discussion, view the on-demand webcast now.