The nature of the Internet and worldwide connectivity has changed the traditional centuries old paradigm regarding proximity. We now see threats from all parts of the global. What are three cybersecurity policies for a firm that would mitigate risks for cybersecurity attacks at the global level? Cybersecurity threats continue to rise year after year and the problem continues grow due to the global nature of attacks. Organizations must implement security policies in order to protect themselves against such threats. Below are three policies that would help organizations better defend against global threats.
Continuous Diagnostics and Mitigation
All organizations operating online need to have an effective monitoring plan in place that is continually reviewed and updated. The Department of Homeland Security publishes a comprehensive framework called Continuous Diagnostics and Mitigation (CDM) for the purpose of providing federal agencies tools to better monitor their own infrastructure. Organizations should adopt a similar program in order to effectively monitor and protect against global threats. CDM provides Federal Agencies with capabilities and tools and identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. DHS (2018).
Employee Awareness Security Training
In an article about the employee life cycle and identification of internal organizational threats, Conrad et al (2009) asserts that within an organization, the employee population is the source of potential malicious insiders. Organizations need to address this threat head on. Whether employees accidentally or deliberately cause a vulnerability that exposes the organization to increased risk, proper security training, policies and procedures need to be put in place. In addition to policy, proper roles based access control should be implemented and the least privilege principle should be adhered to in account management.
Restriction on non-company issued devices
Organizations need to provide policies and effective procedures that deal head on with the Bring Your Own Device (BYOD) trend that has increased in recent years. If organizations are going to allow employees to use their own device, steps must be taken to apply appropriate security hardening. Platforms such as Microsoft’s Company Portal can help with this, but ultimately the organization will need to maintain and uphold these restrictions. In recent years, jail breaking phones and devices to use unrestricted software has become popular. Unfortunately jail breaking or ‘rooting’ a device can often leave it vulnerable to malicious code or unintentional security vulnerabilities. AhnLab (2012). These vulnerabilities could then be used to breach the corporate network.