Reducing Cybersecurity Risks: Internal Audit's Role

| September 16, 2014

article image
Download February's Tone at the Top, Cybersecurity: Keeping IP Under Lock and Key, for more information on reducing cybersecurity risks: https://na.theiia.org/periodicals/Pag...
Private and public sector organizations are facing increased risks of cyberattack. Robert Venczel discusses various ways internal auditors can reduce the cybersecurity risks in their organizations', including encrypting data and educating management.

Spotlight

Virtru

We believe everyone has a right to keep their digital content private and secure. We founded Virtru because we believe that exercising that right should be easy and convenient–simple email encryption for everyone. With Virtru, you can choose when to keep your digital content private and secure for its lifetime, even after it’s shared online. Manage and revoke access to emails, photos, files, and other content at any time, right from within your favorite programs like Gmail, Outlook, and Mac Mail on your desktop or mobile device.

OTHER ARTICLES

Mitigating Risks with Social Media Security Best Practices

Article | September 27, 2021

Social media has become an integral part of business promotion, especially to build brand image and maintain brand reputation. Small businesses to large corporations are active on various social media platforms to interact with their target audience daily. Moreover, the onset of the Pandemic has compelled businesses to rely more on these platforms to connect with their world of customers. This has skyrocketed the amount of information businesses, and customers share on social media. As a result, social media security threats have increased. Hackers are looking for a chance to get into accounts, steal personal and business information, and use it for various gains. Publically accessible social media information is vulnerable to cyber-attacks from cybercriminals. To communicate with customers directly, corporations today operate multiple social media channels. However, cybersecurity measures have to be ensured within the organizations while accessing the channels to increase security. The commonly used safety models, such as the Least-Privileged Administrative model, can be applied in organizations to ensure security. In addition, social media access to employees should be minimized. Taking necessary steps to increase social media security in organizations will help in avoiding deliberate sabotage. However, taking no care in this matter may jeopardize your business, as your company's platforms will be vulnerable to malpractices and attacks by cybercriminals. These factors make social media security vital than ever before. Let us look into some social media security threats and mitigate them through adequate cybersecurity best practices. Social Media Security Threats Third-party Apps Even if you ensure a hundred percentages of security for your social media channels, hackers can quickly get into your account through vulnerable third-party apps. International Olympics Committee and FC Barcelona were victims of it. Twitter accounts of these organizations were hacked through vulnerabilities of connected third-party apps. You cannot foresee how dangerous the third-party apps you use are. Malware Cyber adversaries trick their targets into installing malware to systems and start to control and monitor it. This way, they get sensitive information. Phishing Scams Phishing scams can quickly get into your social media security walls. Phishing scams make employees of organizations hand over information to frauds unknowingly. These can be private information such as passwords, bank details, etc. Unattended accounts Organizations are likely to use some accounts for some time and ignore them after a while. Cyber hackers are targeting these accounts, as they know no one is watching them. Even without hacking, they can post fraudulent messages on those accounts. They use an imposter account for it. They even can send malicious links from these unattended accounts to your followers. Therefore, these unmonitored accounts are a huge threat to your social media security. Social Media Security Tips Above mentioned are some of the social media security threats that corporations face while handling social media pages to interact with tier customers. However, following a social media strategy with stringent social media security best practices can save your company from these frauds and criminals. Cybersecurity products are also available to secure your online activities and business. Social Media Policy All organizations should have an effective social media strategy with a social media security policy for employees, especially those handling the profiles. The guidelines in this policy will make your social media executives handle the accounts safely. Additionally, it will save you from various vulnerabilities that make criminals break into your social media security walls. Social Media Security Audit Due to the technology improving every second, new vulnerabilities, threats, and new hacking tactics emerge. In addition, criminals are also coming up with new viruses, strategies, and scams to hack social media accounts. Thus, it is always good to audit the social media security measures implemented in your company. The audit should be done often, such as quarterly or semi-quarterly. This will ensure that your social media security measures are strong enough to fight new-age hackers. Strong Passwords Strong passwords alone can fight any social media security breaches and cybersecurity threats. Therefore, you have to ensure that you have a strong password for each of your accounts. Your employees should be educated regarding what constitutes a strong password. In addition, it is a good practice to change your password often. Two-factor Authentication According to privacy advocate of Comparitech, Paul Bischoff, two-way authentication is the best way to keep all your social media accounts secure. He says, Whenever an employee logs in from a new device, they are required to input a PIN sent to the account owner via an app, SMS, or email. This not only protects you from stolen passwords but can ensure that whoever is in charge of the accounts is present when logging in on new devices. Although some social media channels provide this facility, it is better to enable it for all your accounts with all the channels to ensure social media security. Summing up Social media is an integral part of business today. Companies need it to interact with customers to build brand image. However, social media security is a concern as technology is improving every second. Criminals are upgrading themselves with new tactics and techniques to hack accounts. Therefore, it is vital to follow and ensure stringent social media security best practices for your accounts to confirm your business's safety, avoiding going sensitive information to the wrong hands. Frequently Asked Questions Are social media channels safe for businesses? Social media is an integral part of marketing today. Therefore, it has to be handled with utmost care and vigilance. It will harm your business if you do not adhere to essential social media security measures, as hackers can get into your accounts quickly. What are some of the social media threats for businesses? There are many social media threats for businesses. Some are unmonitored social media accounts, imposter accounts, vulnerable third-party apps, human error, and phishing attacks and scams. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "Are social media channels safe for businesses?", "acceptedAnswer": { "@type": "Answer", "text": "Social media is an integral part of marketing today. Therefore, it has to be handled with utmost care and vigilance. It will harm your business if you do not adhere to essential social media security measures, as hackers can get into your accounts quickly." } },{ "@type": "Question", "name": "What are some of the social media threats for businesses?", "acceptedAnswer": { "@type": "Answer", "text": "There are many social media threats for businesses. Some are unmonitored social media accounts, imposter accounts, vulnerable third-party apps, human error, and phishing attacks and scams." } }] }

Read More

How Is Covid-19 Creating Data Breaches?

Article | September 27, 2021

Trevor is working from home for the first time. He loves the freedom and flexibility, but doesn’t read his company’s new BYOD policy. Sadly, he misses the fact that his home PC is not protected with updated security software nor the latest operating system patches. Kelcie’s home PC is faster than the old work laptop that she’s been issued to use during the pandemic. She decides to use a USB stick to transfer large files back and forth between her PCs to speed things up. After a few days, she does all her work on her home PC, using a “safe” virtual desktop app. But unbeknownst to her, there is a keylogger on her home PC.

Read More

Single Layers Of Security Aren’t Enough To Protect Your Organization’s Data

Article | September 27, 2021

Next to your employees, your organization’s data is its most important resource. A data breach can devastate an organization’s finances and reputation for years. According to the 2019 Cost of a Data Breach Report, conducted by Ponemon Institute, the average total cost of a data breach in the U.S. is close to $4 million, and the average cost per lost data record is $150. Hackers are more sophisticated than ever and the value of data seems to rise every day. In fact, McAfee believes that 92% of organizations unknowingly have credentials for sale on the Dark Web or “dark net.”

Read More

Creating and rolling out an effective cyber security strategy

Article | September 27, 2021

What’s more, organisations should also keep in mind that prevention alone is not enough; according to IBM, the average breach detection and containment times currently sits in the region of 280 days. In this time, it’s easy for cyber attackers to gain a foothold in an environment and quickly cause damage. “When developing a cyber security strategy, traditionally enterprises have focused on the threat prevention with little attention given to detection and often none to response,” said Martin Riley, director of managed security services at Bridewell Consulting.

Read More

Spotlight

Virtru

We believe everyone has a right to keep their digital content private and secure. We founded Virtru because we believe that exercising that right should be easy and convenient–simple email encryption for everyone. With Virtru, you can choose when to keep your digital content private and secure for its lifetime, even after it’s shared online. Manage and revoke access to emails, photos, files, and other content at any time, right from within your favorite programs like Gmail, Outlook, and Mac Mail on your desktop or mobile device.

Events