Maksim Kabakou - Fotolia

Security Think Tank: Five security controls to keep employees out of cyber firing line

What are the best security controls to ensure a safe working environment where employees do not have the unfair pressure of being the first line of cyber defence?

There has been no shortage of high-profile hacking stories in recent months, each of them highlighting the fact that organisations need to make cyber defence part of their day-to-day operations.

Employees play a key role in protecting the enterprise, but it is critical to support them through effective organisational security controls, such as the following:

Phishing tests

Designed to flag where additional cyber security training is required, phishing tests pose as genuine requests for details to encourage users to provide details that they should not.

To be effective, phishing tests need to show which users clicked on links and entered partial or complete details. Phishing exercises also provide evidence of whether policies are being adhered to and, by enabling users to become familiar with the type of approaches the cyber criminals take, reduce the likelihood of a real issue being exploited.

Two-factor authentication

Using a separate authentication device and single-use codes provides an additional security step. Two-factor authentication (2FA) uses two different mechanisms to prove the user is the correct person, thereby guarding against impersonation risks.

Non-password validation technology

This includes image-based questions. It needs to use dynamic information, such as a visual prompt that it is not possible to glean from static form text, to test visual and immediate information processing. For example, reCaptcha requires users to make a change on the screen that is difficult to script and therefore protects against automated attacks.

Visual prompts guard against machine-learnt brute force techniques, whereby machines continue to bombard websites or authentication mechanisms with thousands of different combinations until one is successful (essentially a high-volume trial-and-error approach). Testing visual and human intelligence responses reduces the likelihood of passwords being the single control mechanism and so strengthens the authentication protocols.

Integrated spam reporting and virus scanning

Suspect emails, plus any attachments, are quickly identified as spam, and immediately “quarantined” to a safe zone.

Any attachments or code must be prevented from deploying and the message should remain intact, including the header information, which contains vital trace data for reverse engineering the delivery paths. This allows early reporting of suspicious emails and guards against them being spread throughout the organisation and network.

Good housekeeping

The risk of cyber attacks can be reduced with strong administrative procedures. These include regular anti-virus scans and upgrades, strong password policies that are enforced, and automated cleaning of browsing history and cache folders.

Users should also know to check that incoming emails addresses are not “masked” and report email threats to the IT administrator so that, if required, amendments can be made to the firewall and networking configuration.

Regular reminders of good email practice reduce the likelihood of a phishing attack succeeding. This could include a permanent header within the email interface, reminding users not to click on links from external sources and never to give away information such as passwords, as well as providing links to relevant training information.

Read more on Hackers and cybercrime prevention