Security tips: Top 10

Security is weakest at the human level. Therefore, organizations should:
- Implement consistent security awareness training with associated testing to gauge effectiveness.
- Enforce security in all projects at the concept phase. Incorporating controls later in the implementation results in increased costs and less effective results.
- Develop procedures to ensure data stored on removable media devices is always encrypted. Delete files from flash drives as soon as possible.
- Protect passwords, change them often, and do not write them down and leave them unsecured.
- Develop an effective policy for use of social media to limit the potential loss of critical company information, while leveraging the marketing flair of social media.
- Review access control frequently to prevent “privilege creep.” This is critical as employee roles expand.
- Consider application whitelisting (allowing the use of good applications and prohibiting bad ones) for employees who routinely manage sensitive data.
- Conduct periodic risk assessments to manage security spending effectively. Apply controls based on risk to the business.
- Move to multifactor authentication where feasible.
- Use a program that either prevents or warns you about navigating to a known spyware site.
Source: Unisys