Quest CEO Blog | #7 and #8 of Quest’s 10 ways to boost business IT security in 2012

 


by Tim Burke
Thursday, January 26, 2012

Did I mention that when it comes to IT security and defense in depth, the more layers the better?

 

One of the weakest points in many organizations is #7 on our list:

 

#7 Authenticate

You need to think in terms of both user authentication and information authentication. When it comes to user authentication, authenticate users with at least two factors (something they know, something they are, something they have) before allowing them access to your data, apps, systems, or networks. Also …

  • Make sure passwords are unique. The same password should not be shared among users nor used on different systems.
  • CHANGE DEFAULT CREDENTIALS! When your system/network admins deploy a new system or service, change the password.
  • Consider using an identity/access management system with single sign-on capability to reduce the complexity, risk, and cost of managing employee authentication and access.

 

As for #8 on our list, remember: Those who wait to get clobbered — get clobbered! So …

 

#8 Become proactive about security

This means you need to:

  • Understand your organization’s infrastructure, data and application environment
  • Look for integrated security capabilities rather than standalone products so you can improve your security intelligence
  • Develop a clear, concise security policy that meets your organization’s compliance requirements and then …
    1. Train employees about how to adhere to it
    2. Enforce it strictly
    3. Revisit it regularly to keep it up-to-date and effective against threats