team is worth investing in. If employees understand the part they play in security and how their
actions can impact the business, they are more likely to think before they click.- Scrutinize app permissions. Although there are harmless uses for device permissions, these
same permissions can also be used to surreptitiously download malware or steal account login
information. Be particularly wary of permissions like “read/write/modify files or storage,” access
to camera, microphone or GPS, “retrieve list of running apps,” download files without notification,
and “display over other apps.” It’s not just about which permissions – it’s about who has access
to the permissions. Only give access to trusted apps. - Use a continuous monitoring, detection, & response system. Diligently analyzing the traffic flowing
in and out of the network and device(s) is one of the only ways to prevent certain threat vectors.
Intrusion detection and prevention systems (IDS/IPS) can be installed on the company network
or on each device to monitor and defend regardless of what network is connected. Threat-hunting
in the “calls over the wire” is one of the best positions to detect hidden malware reaching out for
instructions or pulling down the next phase of the attack. - Ensure the whole team has multifactor authentication enabled on all email accounts. Email is still
the most common delivery method for malware. Only allow employees to access their work email
from secure work devices (not their personal device or a device shared with a family member).
Passwords for email should be completely unique and never reused on another site.
About the Author
Frances Dewing is the CEO of Rubica. Since the company’s inception,
Frances built and directed Rubica’s core operations teams, including cyber
operations, customer support, finance, legal and human resources.
Formerly COO of Concentric Advisors, a consultancy specializing in cyber
and physical security for some of the world’s most high-profile figures,
Frances was instrumental in developing Concentric’s business in Seattle
and Silicon Valley. Frances is a Washington State attorney with a JD from
the University of Washington. She can be reached online via LinkedIn and
at our company website http://www.rubica.com