Read ThreatAdvice's Jason Asbury's Thoughts on Digital Security in the Media Planet Piece Featured in USA Today

We’ve teamed up with Mediaplanet on its Digital Security campaign. There are billions of devices online that contain our most sensitive data. We must protected these access points from threat actors who wish to do us harm. Learn how by checking out the campaign in USA Today and online at this article and on this article.  Robert Herjavec, Frank Abagnale, and more have to say about what you need to be doing to ensure your digital security in today's challenging environment and read ThreatAdvice's Jason Asbury's thoughts below...

Here's what ThreatAdvice's Jason Asbury had to say about How to Avoid Phishing in an Ever Expanding Sea...

What are common mistakes you see when it comes to digital security in business?

Most often, mistakes are tied to the administrative components of the security program, as the very best technology isn’t effective if it isn’t implemented correctly or properly managed. Lack of strong third-party vendor agreements holding vendors accountable for security matters is very common. Finally, the lack of having a remedial security training program in place occurs far too often. 

It is very important to regularly phish all employees to keep their awareness level high. Phishing employees is most effective when it is followed up with comprehensive training that teaches the employees how to identify and avoid risk. Additionally, it’s very important to test employees after they’ve taken courses in order to gauge comprehension.

It is critical to notify your IT department as soon as a compromise is suspected. It is also critical to shut down network access to suspected devices. User account passwords should be changed and, even though they already should be protected, system backups should be ensured for integrity. Most attacks can be minimized if swift action is taken to limit the spread of infections.

 

Risk is best mitigated when multiple layers of protection are applied, as this helps to ensure attacks don’t spread easily throughout an organization. Consider protections like multi-factor authentication; endpoint management software to ensure patches and controls can be applied quickly across the organization; network segmentation to prevent the fast and easy spread of malicious content; and strong security and incident event monitoring software.

Multi-cloud platforms have one common denominator and that is the devices that access them. It is essential to secure and protect computers, tablets, and mobile devices that have access to multiple platforms.  Multi-factor authentication controls paired with strong passwords are a must for securing cloud platforms. It is also very important for businesses to thoroughly review and test cloud providers to ensure strong controls are applied.

Multi-factor authentication has been around for a long time and it is easier than ever to implement because now employees can carry their tokens in the form of their phones. Of course there are other applications, such as fingerprint and retina scans. One area of authentication that is often overlooked is access to systems from within an organization’s network, as multi-factor authentication is often not applied internally. Accordingly, we see more attacks that are successfully implemented and propagated from within.