1. Record Organizational Inventory
Understand what information you need to protect and where it is, as well as all the hardware and software in play. It’s essential to know the inventory you hold, it’s value, the threats it faces, and assess where improvements are required.
2. Keep All Systems Patched Up!
Patching of operating systems and application is one of the single best preventative tools we have to protect against threats. However, patching should be done well, in a timely fashion, and to every single device in order to be effective. Technical debt is always a challenge but employ lifecycle management and get rid of legacy unsupported operating systems and applications.
3. Implement and Execute Backups
If it’s important, back it up and ensure there is an offline copy of the backup. Regularly test the backup to ensure that it’s working. Backups help ensure continuity, and in the event of a Ransomware incident, help you recover quickly.
4. Manage Your Accounts
Only give administrator access for operating systems and applications to those that really need it. Review the administrator list on a regular basis and update privilege levels based on organizational needs. Privileged accounts, should they be compromised, can give criminals the ‘keys to the kingdom’, so make sure you have a process for removing (or disabling) these accounts when no longer needed.
5. Use Complex Passwords & Implement Multi-Factor Authentication
Enforce the use of longer passphrases and use Multi-Factor Authentication (MFA). Password compromise is involved in 80% or more of all breaches. Passwords should not be easy to guess, and MFA adds an additional layer of protection so that if your password is compromised, a criminal can’t use it to access your systems. Have a look at our recent password blog for more details.
6. Strengthen Your Firewalls
Firewalls are as important as they’ve ever been. Deploy a firewall and configure it with the least permissive rules you can. Use UTM (Unified Threat Management) functionality. Anti-Virus checks traffic for malware, Content Filtering helps prevent your users from accessing malicious sites, and Intrusion Prevention can block known incoming attacks. These are just some of the features of a strong firewall.
7. Conduct Ongoing End User Training
Another crucial element of cybersecurity is training your employees on how to spot suspicious emails. This should not be a one-time effort as we all need reminders and practice to make sure emails are handled correctly. User training is only effective when done consistently and adapts to address evolving cyberattack trends. Your training should include handling emails with links and attachments, emails trying to abuse financial processes (e.g. fake invoices, transfers), as well as guidance and expectations on overall use of your company systems and networks.
8. Use Strong Anti-Virus / Anti-Malware Tools
Only give administrator access for operating systems and applications to those that really need it. Review the administrator list on a regular basis and update privilege levels based on organizational needs.
9. Have A Plan
Be prepared in the event you suffer an incident or breach. The urgency of the situation post-breach can lead to steps being missed or the wrong resources being engaged. Having a disaster recovery plan that is tested to ensure that you can resume business within an acceptable timeframe provides you with peace of mind. An incident response plan on the other hand will outline who will coordinate efforts if there is a security incident, what steps need to be taken to contain and recover, and what to communicate to clients or regulators.
Centralized endpoint Anti-Virus programs continue to be a valuable protection layer. These have evolved from being simple signature-based tools to also include advanced threat protection that blocks malware based on behaviour and machine learning.
10. Implement Strong Security Policies & Procedures
From a governance perspective, and to ensure alignment with your business objectives, you should have documented policies and procedures around the above practices. As part of a formal risk assessments, these policies and controls should be reviewed annually to ensure continued alignment as well as identifying gaps or improvements required.
ITWeapons. (2020, October 1). The 10 Most Important Cyber Security Tips for Your Business. Https://Www.Itweapons.Com. Retrieved October 21, 2021, from https://www.itweapons.com/cybersecurity-tips/