CSO magazine recently surveyed the cybercrime landscape with the help of Carnegie Mellon’s CERT Coordination Center and the U.S. Secret Service to identify the most effective methods used to fight e-crime. Here’s what they came up with:
1. Engage in internal employee monitoring.
2. Have a written inappropriate-use policy.
3. Require employees and contractors to sign acceptable-use policies.
4. Monitor Internet connections.
5. Require internal reporting to management of insider misuse and abuse.
6. Host employee education and awareness programs.
7. Develop a corporate security policy.
8. Conduct new employee security training.
9. Do periodic risk assessments.
10. Conduct regular security audits.
Don’t be fooled: these are not in priority order. In fact, I’m not sure why they sorted them this way. If you had to guess which one of these is being used the least in corporate America today, which one would you choose?
My guess is that #10 — the last on the list — is one of the most effective ways to deter malicious activities. I would also guess that the one that is used the least is the sixth item on the list.
You can bet that people are way too busy and moving too fast to sit in a room or in a webinar for 30 minutes to find out all about something called “phishing.” Yet this is the fastest-growing cybercrime today. The Anti-Phishing Working Group offers useful tools and resources to help fight the good fight.