Arraya Insights | November 17, 2014
October has come and gone and with it so has another National Cyber Security Awareness Month. The month-long celebration sponsored by the US Department of Homeland Security, in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center was designed to bring digital security issues to the forefront.
Throughout the month, Arraya posted a series of tips and news stories which IT leaders could use as a way to kick start a conversation with end users and their teams about security best practices which can sometimes be overlooked.
Arraya’s first post in the series covered how employees can stay safe while using email. It included four steps employees should and shouldn’t take if they encounter an email they didn’t request or that seems a little fishy, including not interacting with it and using another point of contact to confirm the legitimacy of the email. That way they won’t put the company’s data in harm’s way by falling into a phisher’s trap.
Next, Arraya touched on the topic of password security. This post came in the wake of an alleged hack on file-sharing service Dropbox, which allowed attackers to get their hands on user log-in info. It turned out Dropbox hadn’t been hacked and that the log-in info had been obtained during attacks on other services. The hackers responsible were simply trying out the info on multiple sites, including Dropbox, to see if any users had broken the cardinal rule of password security: never use the same password more than once. Arraya also included five other top password tips, including using varying patterns and keeping them random.
From there, we shared some insight on the recently-announced SSL 3.0 encryption software vulnerability known as “Poodle.” This could give hackers access to and the ability to decrypt small data files known as cookies. Once they have that info, hackers can then use it to take control of a person’s accounts. The good news was, this vulnerability wasn’t a huge threat as SSL 3.0 is pretty much obsolete at this point. However, it was still recommended that IT leaders lock SSL 3.0 out of their network and move users towards more modern encryption techniques.
The cost of containing and resolving a cyber-attack was also explored in the series. According to research done by Ponemon Institute, it takes companies an average of 31 days to contain a cyber-attack, costing them $639,462 in the process. That comes out to $20,758 per day on containment and resolution. That’s an increase of 23% from last year’s total. To avoid those costs and to combat system downtime, Arraya recommended its Manage 365+ product. This managed infrastructure product provides round-the-clock, 24/7 monitoring for supported devices, ensuring health, availability and performance. In addition, users can decrease IT costs and increase efficiency by automating lower level parts of the job, allowing IT staffers to focus on what matters most to companies.
The last post in the series covered enterprise mobility management suites. As the divide between “work computer” and “personal computer” gets harder to spot, adding an enterprise mobility management suite could be just the thing to help balance employees’ desire to work on the go with IT’s responsibility to ensure security. In this post, Arraya ran down some of the ways to build an airtight sales pitch for making the change.
Want to see just how successful your Cyber Security Month efforts were and where things stand at your company now? Contact your Arraya Account Executive or click here to set-up a free security architecture consultation.