Insider Threat Management

Top 10 “Coachable Moments” Cybersecurity Awareness Tips

Share with your network!

October’s National Cybersecurity Awareness Month is almost over, but that doesn’t mean insider threat training needs to stop in your organisation. (In fact, it’s just the opposite!)

According to research from SANS, 85% of security awareness professionals reported that their work had a positive impact on the security of their organisation.

We’re rounding up the top 10 tips from our Coachable Moments series so you can make regular user coaching a part of your overall insider threat management strategy.

#1: Show employees how to set up their VPNs.

The upcoming holiday season (and inclement weather...sigh) means an increase in remote work. Make sure that all employees know how to properly set up and authenticate their VPN connections before unleashing them into the work-from-home wild. If connections are too slow, employees may be apt to circumvent the VPN altogether (along with all of its security benefits).

#2: Host a training for application installs and updates.

The proliferation of easy-to-use cloud-based applications has made it easier for employees to select the software they want to use. A downside is that many employees may be running out-of-policy applications on corporate machines without even knowing it. Or, they may not be updating applications or operating systems that have issued critical security patches. Awareness is key to keeping these issues in check. Host an application installation and update session, which reviews key aspects of the policy that cover proper application use.

#3: Get personal about personal email.

Personal email use at work can increase an organisation’s risk of data exfiltration - whether it’s intentional or not. Explain to users when -- if ever -- personal email use is permitted at work, and cover the types of activities that most often put organisations at risk (such as phishing or sending unauthorised company information via personal email).

#4: Advise third-party contractors on authorised system use.

More and more organisations are relying on third-party contractors for business services, but not all of these contractors are in the loop on company cybersecurity policy. Identify which departments in your organisation are using third-party contractors, and give these contractors a primer on authorised application use, document storage, and sharing policies. Try to limit the number of third-party contractors with privileged access to only those who absolutely need it.

#5: Perform a privileged access audit.

Speaking of privileged access … the number of privileged users on corporate systems tends to accumulate over time, which can increase the risk of insider threats. Perform a regular privileged access audit to check which users need this access to do their jobs. Using temporary or rotating administrative credentials can help cut down the number of people with privileged access at any given time.

#6: Brush up on your insider threat indicators.

Understanding the context behind user actions can help you identify a potential insider threat incident-in-progress -- whether its cause is malicious or unintentional. (Hint: these two types of incidents are very different in nature, and should be handled differently in the investigation process). Check out this post on the key indicators for accidental and malicious insider threats.

#7: Show users how to install firmware updates on their routers.

Ah, the router. Users tend to set it up once and forget it. Big mistake! Make sure that any remote employees (or employees that want to work from home frequently) understand how to update the firmware on their routers to ensure that these devices are as secure as possible.

#8: Make use of Single Sign-On (SSO) technology.

Insider threat statistics from the Ponemon Institute show that two in three incidents are caused by user errors. One of the biggest causes of credential theft and account compromises is weak passwords. Requiring the use of SSO technology across the entire organisation can help prevent common password faux pas (anyone who’s used “Passw0rd” or “12345” as a credential ... we’re looking at you).

#9: Use the news.

Data breach headlines don’t have to scare the pants off of people. Instead, they can be used to reinforce cybersecurity best practices. (Think of it as the “anti” leading by example). In all seriousness, real-world stories can help users become more vigilant about their activity on corporate networks, preventing those costly insider threat mistakes.

#10: Flip the script on scare tactics.

A positive and healthy cybersecurity culture requires that your team to reframe the fear-and punishment-based narratives around cybersecurity. Instead of fearing retribution if they make a mistake, encourage users to approach your team with questions to help prevent these mistakes from happening in the first place (or if a mistake is made, help users navigate their issues). Evaluate how well your employees understand the cybersecurity policy, and if they’re misunderstanding it regularly it may be time to simplify your policy.

What are some of your top cybersecurity awareness tips? Let us know @Proofpoint on Twitter.