Spring has Sprung: CISO Guidelines for Organizational Spring Cleaning
March 17, 2017
Featured article by Guy Caspi, CEO of Deep Instinct
Winter is finally over and spring is in the air. If you’re like us and prefer warmer days, in preparation for spring, we compiled a CISO checklist. Throw your broom away and replace it with a pen and paper to be sure you’re following these guidelines:
1. Freshen up your cybersecurity knowledge base: Are your employees cyber educated?
Employees who lack cybersecurity awareness may open the door for cyber criminals, resulting in data breaches and ransomware attacks. Most of the time, employees are oblivious to potential cyber threats. Therefore, it is highly important to properly educate employees about cybersecurity risks and the security precautions that they can take. Make sure your employees are aware that every one of them can be a potential target, from the top level to the IT department. Employees should be taught how to recognize a potentially malicious email, link or attachment and send it to IT to be inspected. Ways to raise awareness include conducting cyber safety training on suspicious emails and educating employees about falling victim to social engineering when providing personal information on the phone or on social media. Additionally, if employees use personal devices such as mobile phones or laptops to conduct business (BYOD), companies have to outline procedures to protect sensitive information outside the walls of the company.
2. Every password can use a little polishing up: How strong are your passwords?
Be sure to invest in password managers and two-step verification. Set up a password policy to ensure that your employees change default passwords, use different passwords for different platforms, change their passwords periodically, and store their passwords in a safe place. Educate them to avoid the all too common passwords (such as ‘password’ or ‘123456’) that are easy to hack.
3. Dust off your data security habits: Are your organization’s “crown jewels” protected?
Delineate with your IT team where and how your enterprise’s most sensitive data is stored. How well is it encrypted and protected? Who has administrative privileges and what verification methods are being used on those who have access to it? For more information on how to protect your valuable data from criminal cyber activity, read our post on cracking down on cybercrime.
4. Have the C-Suite brush up on risks: Are they and the board aware of threats?
Your organization’s cybersecurity “health” is no longer confined to IT. Hacks have financial, legal, reputational, and operational implications. As a result, cybersecurity has also become a matter of concern for senior management and the board. This has shifted the role of the CISO from technical leader to risk management advisor. Make sure to share with your C-Level managers and directors the challenges that your organization faces. Educate them about the implications and trends of the latest cyber-attacks and threats, as well as best practices and new solutions for avoiding them.
5. Refurbish your cybersecurity solutions: Are you effectively handling rising threats?
The cyber-attacks and hacks we’ve witnessed in 2016 are revealing an increase in Advanced Persistent Threat (APT) attacks, attacks on mobile phones (which are putting companies with BYOD policies at even more risk), ransomware attacks and more zero-day malware threats and attacks. As you keep up with the news, analyses and reports, make sure you are equally updated about the new solutions that become available on the market. Deep Instinct is the first company to apply artificial intelligence deep learning to cybersecurity. With an innovative technology at its core, Deep Instinct offers solutions for the new cybersecurity ecosystem: instead of just identifying and alerting about threats, zero-day and APT attacks are blocked in real-time on endpoints, servers, traffic, and mobile devices before they can cause any harm.
As cybersecurity continues to play a vital part in every business and within every role, it is essential for you to stay on top of your game. Make sure to sweep away the cobwebs and scrub off any cybersecurity risks and replace them with a clean cybersecurity solution.