Cybercrime is scary. Its consequences disrupt organizations and can endanger the lives of people who depend on them for services.
Like crime in the physical world, we do our best to minimize our risk. And just like in the physical world, good planning can be the difference between catastrophe and complete recovery.
Recently, the world has learned once again, that defense in depth is absolutely necessary. The best security planning includes basic, key components, whose value cannot be overestimated. These include:
- Awareness of dangers in your IT environment and how to mitigate them, such as training employees to know what to watch for and how to follow a predetermined procedure for safe handling of suspicious emails, attachments and links.
- Tools such as spam filters and anti-malware can help to minimize exposure.
- Patching of software vulnerabilities with recommended updates. Availability of patches may be contingent upon manufacturer’s product lifecycle, so on-going management of end-of-life is key.
- Back-ups that are current and stored in a safe location are essential in order to return to normal operations after a breach.
- Implementing a good incident response plan can empower users to keep a small incident from becoming much worse.
Find additional information about cyber security awareness at United States Computer Emergency Readiness Team: https://www.us-cert.gov/security-publications/Ransomware
Learn about free cyber security training for government employees at the National Initiative for Cybersecurity Careers and Studies: https://niccs.us-cert.gov/featured-stories