Welcome to the second half of 2016! How are your New Year’s resolutions going? More specifically, how are your security resolutions going?
Back in December we compiled a list of security resolutions everyone should make in 2016:
- Step up the security training
- Restrict access
- Lock up IoT
- Accept EMV
Have you been working on these goals?
Getting your security resolutions back on track
If you have fallen off the wagon or just never started working toward these goals, here are some tips for getting back on track and starting good security habits.
Step up the security training
Hackers are always going to go for the weakest link and, often, that is an under-trained employee. There is no doubt that security training is boring, but there are ways to make it less painful.
We recently wrote a post about making people care about security. Making them care is the key to making them follow safety protocols. To make people care, you need to think outside the box. You need to throw away the idea of typical meetings. Those make people’s eyes glaze over. You need to focus more on everyday interactions and making people understand how security affects them.
Restrict access
It is time to change your access privileges. Not everyone needs access to everything. With humans being the biggest threat to security, the less information they have to compromise, the better. This applies to everything from your employees’ work computers to BYOD to third-party vendors.
Our best advice is to give access, not take it away. Start with a basic “package” and from there customize based on the person’s job. Most importantly, remember that not every person and device needs access. You have the power to say no.
Lock up IoT
For company security purposes, IoT and BYOD have become a linked problem. The growing number of IoT devices is threatening your original BYOD policy. Even if you created a BYOD policy in the last three years, it likely doesn’t include fitness products, medical devices or watches. It also needs to include how you handle work-from-home employees. Take a look at our recent blog post on the growing issue of IoT and BYOD and then check out this great article on how to create a BYOD policy in 2016.
Accept EMV
If you aren’t accepting EMV yet, you are not alone; you can expect to find chip and pin readers in fewer than one in five brick-and-mortar merchants. But just because everyone else is moving slowly doesn’t mean you should. In the grand scheme of things, it is a small investment to transfer the liability of an attack to someone else. In our recent post about the state of EMV six months after the EMV law went into place in the U.S., we discussed the non-financial reasons why businesses are not using EMV. None of them are good excuses for placing yourself in harm’s way.
It is never too late to improve your security, but we highly suggest starting now. As the inspirational quote goes, “a year from now you will wish you had started today.”