White Paper
November 23, 2015, 11:35 AM EST
Author
Source: Synchrony Connect
Abstract:
The holidays will soon be here. So, too, will legions of cyberattackers—targeting your customer and business information. While no company is immune from the damage these attackers cause.
Table of Contents
Cybersecurity Program
We’ve found that the simple proactive measures below are helpful in thwarting cyber threats. We’ve incorporated them into our company’s overall cybersecurity program and urge you to do the same.
1. PATCH ALL HOLES
Make a list of common cyber exploitation tactics, techniques and procedures (TTPs) consistently and successfully leveraged by cybercriminals in the past year. Match them to your known vulnerabilities and ensure that they’re addressed. Also make sure recommended vendor patches are implemented and integrated successfully.
2. AUTHENTICATE, AUTHENTICATE, AUTHENTICATE
Cybercriminals have successfully exploited databases and payment processing systems with remote access tools. The most common approach is to steal VPN credentials of users with privileged access and leverage them to log in to the network. Implement multifactor authentication on remote access devices and users, including third-party vendors with remote network acces, so that users are forced to periodically change their login credentials.
3. SAY “NO” TO MALICIOUS LINKS
Spear phishing—including malicious links in emails that appear to be from familiar people or businesses—accounts for a large percentage of major cyberattacks. Deploying intelligent gateway solutions that analyze content in real time can help stop these malevolent URLs from reachingyour users’ inboxes. For more security, consider adding a solution that checks the safety of an emailed link when a user clicks on it. Finally, make sure all employees know how to recognize spear phishing attacks.
Spear phishing—including malicious links in emails that appear to be from familiar people or businesses—accounts for a large percentage of major cyberattacks. Deploying intelligent gateway solutions that analyze content in real time can help stop these malevolent URLs from reachingyour users’ inboxes. For more security, consider adding a solution that checks the safety of an emailed link when a user clicks on it. Finally, make sure all employees know how to recognize spear phishing attacks.
4. STOP ATTACKERS IN THEIR TRACKS
Sophisticated cyberattackers spend time exploring your company’s network, identifying where customer data is stored and how it’s transmitted internally before being encrypted for external transfer. Review your network environment and make sure all firewalls, intrusion detection systems, remote access and antivirus logging are enabled.
Sophisticated cyberattackers spend time exploring your company’s network, identifying where customer data is stored and how it’s transmitted internally before being encrypted for external transfer. Review your network environment and make sure all firewalls, intrusion detection systems, remote access and antivirus logging are enabled.
5. PRACTICE, PRACTICE, PRACTICE
Develop a detailed 24/7 cybersecurity response and communication plan. Make sure the key members of your cyber intelligence, threat analysis, fraud and investigation teams practice responding to cyber incident scenarios. Remember, there’s no such thing as too much practice.
Develop a detailed 24/7 cybersecurity response and communication plan. Make sure the key members of your cyber intelligence, threat analysis, fraud and investigation teams practice responding to cyber incident scenarios. Remember, there’s no such thing as too much practice.
Teamwork is important. Always remember, you are fighting with attackers who are well networked. Your cybersecurity depends on the strength of the weakest part of a network. So, it’s critical that you work together to build up your cybersecurity systems.
